W3cubDocs

/Ansible

fortinet.fortimanager.fmgr_pm_config_pblock_firewall_policy6 module – Configure IPv6 policies.

Note

This module is part of the fortinet.fortimanager collection (version 2.10.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_pm_config_pblock_firewall_policy6.

New in fortinet.fortimanager 2.2.0

Synopsis
Parameters
Notes
Examples
Return Values

Synopsis

This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter	Comments
access_token string	The token to access FortiManager without using username and password.
adom string / required	The parameter (adom) in requested url.
bypass_validation boolean	Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices: `false` ← (default) `true`
enable_log boolean	Enable/Disable logging for task. Choices: `false` ← (default) `true`
forticloud_access_token string	Authenticate Ansible client with forticloud API access token.
pblock string / required	The parameter (pblock) in requested url.
pm_config_pblock_firewall_policy6 dictionary	The top level parameters set.
_policy_block integer	Assigned policy block.
action string	Policy action Choices: `"deny"` `"accept"` `"ipsec"` `"ssl-vpn"`
anti_replay aliases: anti-replay string	Enable/disable anti-replay check. Choices: `"disable"` `"enable"`
app_category aliases: app-category any	(list) Application category ID list.
app_group aliases: app-group any	(list) Application group names.
application any	(list) Application ID list.
application_list aliases: application-list string	Name of an existing Application list.
auto_asic_offload aliases: auto-asic-offload string	Enable/disable policy traffic ASIC offloading. Choices: `"disable"` `"enable"`
av_profile aliases: av-profile string	Name of an existing Antivirus profile.
cgn_log_server_grp aliases: cgn-log-server-grp string	Cgn log server grp.
cifs_profile aliases: cifs-profile string	Name of an existing CIFS profile.
comments string	Comment.
custom_log_fields aliases: custom-log-fields any	(list) Log field index numbers to append custom log fields to log messages for this policy.
devices any	(list) Names of devices or device groups that can be matched by the policy.
diffserv_forward aliases: diffserv-forward string	Enable to change packets DiffServ values to the specified diffservcode-forward value. Choices: `"disable"` `"enable"`
diffserv_reverse aliases: diffserv-reverse string	Enable to change packets reverse Choices: `"disable"` `"enable"`
diffservcode_forward aliases: diffservcode-forward string	Change packets DiffServ to this value.
diffservcode_rev aliases: diffservcode-rev string	Change packets reverse
dlp_sensor aliases: dlp-sensor string	Name of an existing DLP sensor.
dnsfilter_profile aliases: dnsfilter-profile string	Name of an existing DNS filter profile.
dscp_match aliases: dscp-match string	Enable DSCP check. Choices: `"disable"` `"enable"`
dscp_negate aliases: dscp-negate string	Enable negated DSCP match. Choices: `"disable"` `"enable"`
dscp_value aliases: dscp-value string	DSCP value.
dsri string	Enable DSRI to ignore HTTP server responses. Choices: `"disable"` `"enable"`
dstaddr any	(list) Destination address and address group names.
dstaddr_negate aliases: dstaddr-negate string	When enabled dstaddr specifies what the destination address must NOT be. Choices: `"disable"` `"enable"`
dstintf any	(list) Outgoing
emailfilter_profile aliases: emailfilter-profile string	Name of an existing email filter profile.
firewall_session_dirty aliases: firewall-session-dirty string	How to handle sessions if the configuration of this firewall policy changes. Choices: `"check-all"` `"check-new"`
fixedport string	Enable to prevent source NAT from changing a sessions source port. Choices: `"disable"` `"enable"`
fsso_groups aliases: fsso-groups any	(list) Names of FSSO groups.
global_label aliases: global-label string	Label for the policy that appears when the GUI is in Global View mode.
groups any	(list) Names of user groups that can authenticate with this policy.
http_policy_redirect aliases: http-policy-redirect string	Redirect HTTP Choices: `"disable"` `"enable"`
icap_profile aliases: icap-profile string	Name of an existing ICAP profile.
inbound string	Policy-based IPsec VPN Choices: `"disable"` `"enable"`
inspection_mode aliases: inspection-mode string	Policy inspection mode Choices: `"proxy"` `"flow"`
ippool string	Enable to use IP Pools for source NAT. Choices: `"disable"` `"enable"`
ips_sensor aliases: ips-sensor string	Name of an existing IPS sensor.
label string	Label for the policy that appears when the GUI is in Section View mode.
logtraffic string	Enable or disable logging. Choices: `"disable"` `"enable"` `"all"` `"utm"`
logtraffic_start aliases: logtraffic-start string	Record logs when a session starts. Choices: `"disable"` `"enable"`
mms_profile aliases: mms-profile string	Name of an existing MMS profile.
name string	Policy name.
nat string	Enable/disable source NAT. Choices: `"disable"` `"enable"`
natinbound string	Policy-based IPsec VPN Choices: `"disable"` `"enable"`
natoutbound string	Policy-based IPsec VPN Choices: `"disable"` `"enable"`
np_acceleration aliases: np-acceleration string	Enable/disable UTM Network Processor acceleration. Choices: `"disable"` `"enable"`
outbound string	Policy-based IPsec VPN Choices: `"disable"` `"enable"`
per_ip_shaper aliases: per-ip-shaper string	Per-IP traffic shaper.
policy_offload aliases: policy-offload string	Policy offload. Choices: `"disable"` `"enable"`
policyid integer / required	Policy ID
poolname any	(list) IP Pool names.
profile_group aliases: profile-group string	Name of profile group.
profile_protocol_options aliases: profile-protocol-options string	Name of an existing Protocol options profile.
profile_type aliases: profile-type string	Determine whether the firewall policy allows security profile groups or single profiles only. Choices: `"single"` `"group"`
replacemsg_override_group aliases: replacemsg-override-group string	Override the default replacement message group for this policy.
rsso string	Enable/disable RADIUS single sign-on Choices: `"disable"` `"enable"`
schedule string	Schedule name.
send_deny_packet aliases: send-deny-packet string	Enable/disable return of deny-packet. Choices: `"disable"` `"enable"`
service any	(list) Service and service group names.
service_negate aliases: service-negate string	When enabled service specifies what the service must NOT be. Choices: `"disable"` `"enable"`
session_ttl aliases: session-ttl string	Session TTL in seconds for sessions accepted by this policy.
spamfilter_profile aliases: spamfilter-profile string	Name of an existing Spam filter profile.
srcaddr any	(list) Source address and address group names.
srcaddr_negate aliases: srcaddr-negate string	When enabled srcaddr specifies what the source address must NOT be. Choices: `"disable"` `"enable"`
srcintf any	(list) Incoming
ssh_filter_profile aliases: ssh-filter-profile string	Name of an existing SSH filter profile.
ssh_policy_redirect aliases: ssh-policy-redirect string	Redirect SSH traffic to matching transparent proxy policy. Choices: `"disable"` `"enable"`
ssl_mirror aliases: ssl-mirror string	Enable to copy decrypted SSL traffic to a FortiGate interface Choices: `"disable"` `"enable"`
ssl_mirror_intf aliases: ssl-mirror-intf any	(list) SSL mirror interface name.
ssl_ssh_profile aliases: ssl-ssh-profile string	Name of an existing SSL SSH profile.
status string	Enable or disable this policy. Choices: `"disable"` `"enable"`
tcp_mss_receiver aliases: tcp-mss-receiver integer	Receiver TCP maximum segment size
tcp_mss_sender aliases: tcp-mss-sender integer	Sender TCP maximum segment size
tcp_session_without_syn aliases: tcp-session-without-syn string	Enable/disable creation of TCP session without SYN flag. Choices: `"all"` `"data-only"` `"disable"`
timeout_send_rst aliases: timeout-send-rst string	Enable/disable sending RST packets when TCP sessions expire. Choices: `"disable"` `"enable"`
tos string	ToS
tos_mask aliases: tos-mask string	Non-zero bit positions are used for comparison while zero bit positions are ignored.
tos_negate aliases: tos-negate string	Enable negated TOS match. Choices: `"disable"` `"enable"`
traffic_shaper aliases: traffic-shaper string	Reverse traffic shaper.
traffic_shaper_reverse aliases: traffic-shaper-reverse string	Reverse traffic shaper.
url_category aliases: url-category any	(list) URL category ID list.
users any	(list) Names of individual users that can authenticate with this policy.
utm_status aliases: utm-status string	Enable AV/web/ips protection profile. Choices: `"disable"` `"enable"`
uuid string	Universally Unique Identifier
vlan_cos_fwd aliases: vlan-cos-fwd integer	VLAN forward direction user priority
vlan_cos_rev aliases: vlan-cos-rev integer	VLAN reverse direction user priority
vlan_filter aliases: vlan-filter string	Set VLAN filters.
voip_profile aliases: voip-profile string	Name of an existing VoIP profile.
vpntunnel string	Policy-based IPsec VPN
waf_profile aliases: waf-profile string	Name of an existing Web application firewall profile.
webcache string	Enable/disable web cache. Choices: `"disable"` `"enable"`
webcache_https aliases: webcache-https string	Enable/disable web cache for HTTPS. Choices: `"disable"` `"enable"`
webfilter_profile aliases: webfilter-profile string	Name of an existing Web filter profile.
webproxy_forward_server aliases: webproxy-forward-server string	Web proxy forward server name.
webproxy_profile aliases: webproxy-profile string	Webproxy profile name.
proposed_method string	The overridden method for the underlying Json RPC request. Choices: `"update"` `"set"` `"add"`
rc_failed list / elements=integer	The rc codes list with which the conditions to fail will be overriden.
rc_succeeded list / elements=integer	The rc codes list with which the conditions to succeed will be overriden.
state string / required	The directive to create, update or delete an object. Choices: `"present"` `"absent"`
workspace_locking_adom string	The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.
workspace_locking_timeout integer	The maximum time in seconds to wait for other user to release the workspace lock. Default: `300`

Notes

Note

Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  gather_facts: false
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure IPv6 policies.
      fortinet.fortimanager.fmgr_pm_config_pblock_firewall_policy6:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        pblock: <your own value>
        state: present # <value in [present, absent]>
        pm_config_pblock_firewall_policy6:
          policyid: 0 # Required variable, integer
          # _policy_block: <integer>
          # action: <value in [deny, accept, ipsec, ...]>
          # anti_replay: <value in [disable, enable]>
          # app_category: <list or string>
          # app_group: <list or string>
          # application: <list or integer>
          # application_list: <string>
          # auto_asic_offload: <value in [disable, enable]>
          # av_profile: <string>
          # cgn_log_server_grp: <string>
          # cifs_profile: <string>
          # comments: <string>
          # custom_log_fields: <list or string>
          # diffserv_forward: <value in [disable, enable]>
          # diffserv_reverse: <value in [disable, enable]>
          # diffservcode_forward: <string>
          # diffservcode_rev: <string>
          # dlp_sensor: <string>
          # dnsfilter_profile: <string>
          # dsri: <value in [disable, enable]>
          # dstaddr: <list or string>
          # dstaddr_negate: <value in [disable, enable]>
          # dstintf: <list or string>
          # emailfilter_profile: <string>
          # firewall_session_dirty: <value in [check-all, check-new]>
          # fixedport: <value in [disable, enable]>
          # fsso_groups: <list or string>
          # global_label: <string>
          # groups: <list or string>
          # http_policy_redirect: <value in [disable, enable]>
          # icap_profile: <string>
          # inbound: <value in [disable, enable]>
          # inspection_mode: <value in [proxy, flow]>
          # ippool: <value in [disable, enable]>
          # ips_sensor: <string>
          # label: <string>
          # logtraffic: <value in [disable, enable, all, ...]>
          # logtraffic_start: <value in [disable, enable]>
          # mms_profile: <string>
          # name: <string>
          # nat: <value in [disable, enable]>
          # natinbound: <value in [disable, enable]>
          # natoutbound: <value in [disable, enable]>
          # np_acceleration: <value in [disable, enable]>
          # outbound: <value in [disable, enable]>
          # per_ip_shaper: <string>
          # policy_offload: <value in [disable, enable]>
          # poolname: <list or string>
          # profile_group: <string>
          # profile_protocol_options: <string>
          # profile_type: <value in [single, group]>
          # replacemsg_override_group: <string>
          # rsso: <value in [disable, enable]>
          # schedule: <string>
          # send_deny_packet: <value in [disable, enable]>
          # service: <list or string>
          # service_negate: <value in [disable, enable]>
          # session_ttl: <string>
          # srcaddr: <list or string>
          # srcaddr_negate: <value in [disable, enable]>
          # srcintf: <list or string>
          # ssh_filter_profile: <string>
          # ssh_policy_redirect: <value in [disable, enable]>
          # ssl_mirror: <value in [disable, enable]>
          # ssl_mirror_intf: <list or string>
          # ssl_ssh_profile: <string>
          # status: <value in [disable, enable]>
          # tcp_mss_receiver: <integer>
          # tcp_mss_sender: <integer>
          # tcp_session_without_syn: <value in [all, data-only, disable]>
          # timeout_send_rst: <value in [disable, enable]>
          # tos: <string>
          # tos_mask: <string>
          # tos_negate: <value in [disable, enable]>
          # traffic_shaper: <string>
          # traffic_shaper_reverse: <string>
          # url_category: <list or string>
          # users: <list or string>
          # utm_status: <value in [disable, enable]>
          # uuid: <string>
          # vlan_cos_fwd: <integer>
          # vlan_cos_rev: <integer>
          # vlan_filter: <string>
          # voip_profile: <string>
          # vpntunnel: <string>
          # waf_profile: <string>
          # webcache: <value in [disable, enable]>
          # webcache_https: <value in [disable, enable]>
          # webfilter_profile: <string>
          # webproxy_forward_server: <string>
          # webproxy_profile: <string>
          # dscp_negate: <value in [disable, enable]>
          # devices: <list or string>
          # dscp_value: <string>
          # spamfilter_profile: <string>
          # dscp_match: <value in [disable, enable]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
meta dictionary	The result of the request. Returned: always
request_url string	The full url requested. Returned: always Sample: `"/sys/login/user"`
response_code integer	The status of api request. Returned: always Sample: `0`
response_data list / elements=string	The api response. Returned: always
response_message string	The descriptive message of the api response. Returned: always Sample: `"OK."`
system_information dictionary	The information of the target system. Returned: always
rc integer	The status the request. Returned: always Sample: `0`
version_check_warning list / elements=string	Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex

Authors

Xinwei Du (@dux-fortinet)
Xing Li (@lix-fortinet)
Jie Xue (@JieX19)
Link Zheng (@chillancezen)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)

Collection links

© 2012–2018 Michael DeHaan
© 2018–2025 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/fmgr_pm_config_pblock_firewall_policy6_module.html