Note
This plugin is part of the fortinet.fortios collection (version 2.1.2).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortios
.
To use it in a playbook, specify: fortinet.fortios.fortios_ips_sensor
.
New in version 2.10: of fortinet.fortios
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | |||
---|---|---|---|---|---|
access_token string | Token-based authentication. Generated from GUI of Fortigate. | ||||
enable_log boolean |
| Enable/Disable logging for task. | |||
ips_sensor dictionary | Configure IPS sensor. | ||||
block_malicious_url string |
| Enable/disable malicious URL blocking. | |||
comment string | Comment. | ||||
entries list / elements=string | IPS sensor filter. | ||||
action string |
| Action taken with traffic in which signatures are detected. | |||
application string | Applications to be protected. set application ? lists available applications. all includes all applications. other includes all unlisted applications. | ||||
cve list / elements=string | List of CVE IDs of the signatures to add to the sensor | ||||
cve_entry string | CVE IDs or CVE wildcards. | ||||
exempt_ip list / elements=string | Traffic from selected source or destination IP addresses is exempt from this signature. | ||||
dst_ip string | Destination IP address and netmask. | ||||
id integer / required | Exempt IP ID. | ||||
src_ip string | Source IP address and netmask. | ||||
id integer / required | Rule ID in IPS database (0 - 4294967295). | ||||
location string | Protect client or server traffic. | ||||
log string |
| Enable/disable logging of signatures included in filter. | |||
log_attack_context string |
| Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer. | |||
log_packet string |
| Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pcap format for diagnostic use. | |||
os string | Operating systems to be protected. all includes all operating systems. other includes all unlisted operating systems. | ||||
protocol string | Protocols to be examined. set protocol ? lists available protocols. all includes all protocols. other includes all unlisted protocols. | ||||
quarantine string |
| Quarantine method. | |||
quarantine_expiry string | Duration of quarantine. (Format | ||||
quarantine_log string |
| Enable/disable quarantine logging. | |||
rate_count integer | Count of the rate. | ||||
rate_duration integer | Duration (sec) of the rate. | ||||
rate_mode string |
| Rate limit mode. | |||
rate_track string |
| Track the packet protocol field. | |||
rule list / elements=string | Identifies the predefined or custom IPS signatures to add to the sensor. | ||||
id integer / required | Rule IPS. | ||||
severity string | Relative severity of the signature, from info to critical. Log messages generated by the signature include the severity. | ||||
status string |
| Status of the signatures included in filter. default enables the filter and only use filters with default status of enable. Filters with default status of disable will not be used. | |||
extended_log string |
| Enable/disable extended logging. | |||
filter list / elements=string | IPS sensor filter. | ||||
action string |
| Action of selected rules. | |||
application string | Vulnerable application filter. | ||||
location string | Vulnerability location filter. | ||||
log string |
| Enable/disable logging of selected rules. | |||
log_packet string |
| Enable/disable packet logging of selected rules. | |||
name string / required | Filter name. | ||||
os string | Vulnerable OS filter. | ||||
protocol string | Vulnerable protocol filter. | ||||
quarantine string |
| Quarantine IP or interface. | |||
quarantine_expiry integer | Duration of quarantine in minute. | ||||
quarantine_log string |
| Enable/disable logging of selected quarantine. | |||
severity string | Vulnerability severity filter. | ||||
status string |
| Selected rules status. | |||
name string / required | Sensor name. | ||||
override list / elements=string | IPS override rule. | ||||
action string |
| Action of override rule. | |||
exempt_ip list / elements=string | Exempted IP. | ||||
dst_ip string | Destination IP address and netmask. | ||||
id integer / required | Exempt IP ID. | ||||
src_ip string | Source IP address and netmask. | ||||
log string |
| Enable/disable logging. | |||
log_packet string |
| Enable/disable packet logging. | |||
quarantine string |
| Quarantine IP or interface. | |||
quarantine_expiry integer | Duration of quarantine in minute. | ||||
quarantine_log string |
| Enable/disable logging of selected quarantine. | |||
rule_id integer | Override rule ID. | ||||
status string |
| Enable/disable status of override rule. | |||
replacemsg_group string | Replacement message group. Source system.replacemsg-group.name. | ||||
scan_botnet_connections string |
| Block or monitor connections to Botnet servers, or disable Botnet scanning. | |||
state string / required |
| Indicates whether to create or remove the object. | |||
vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
Note
- hosts: fortigates collections: - fortinet.fortios connection: httpapi vars: vdom: "root" ansible_httpapi_use_ssl: yes ansible_httpapi_validate_certs: no ansible_httpapi_port: 443 tasks: - name: Configure IPS sensor. fortios_ips_sensor: vdom: "{{ vdom }}" state: "present" access_token: "<your_own_value>" ips_sensor: block_malicious_url: "disable" comment: "Comment." entries: - action: "pass" application: "<your_own_value>" cve: - cve_entry: "<your_own_value>" exempt_ip: - dst_ip: "<your_own_value>" id: "12" src_ip: "<your_own_value>" id: "14" location: "<your_own_value>" log: "disable" log_attack_context: "disable" log_packet: "disable" os: "<your_own_value>" protocol: "<your_own_value>" quarantine: "none" quarantine_expiry: "<your_own_value>" quarantine_log: "disable" rate_count: "24" rate_duration: "25" rate_mode: "periodical" rate_track: "none" rule: - id: "29" severity: "<your_own_value>" status: "disable" extended_log: "enable" filter: - action: "pass" application: "<your_own_value>" location: "<your_own_value>" log: "disable" log_packet: "disable" name: "default_name_39" os: "<your_own_value>" protocol: "<your_own_value>" quarantine: "none" quarantine_expiry: "43" quarantine_log: "disable" severity: "<your_own_value>" status: "disable" name: "default_name_47" override: - action: "pass" exempt_ip: - dst_ip: "<your_own_value>" id: "52" src_ip: "<your_own_value>" log: "disable" log_packet: "disable" quarantine: "none" quarantine_expiry: "57" quarantine_log: "disable" rule_id: "59" status: "disable" replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)" scan_botnet_connections: "disable"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build string | always | Build number of the fortigate image Sample: 1547 |
http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
name string | always | Name of the table used to fulfill the request Sample: urlfilter |
path string | always | Path of the table used to fulfill the request Sample: webfilter |
revision string | always | Internal revision number Sample: 17.0.2.10658 |
serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
status string | always | Indication of the operation's result Sample: success |
vdom string | always | Virtual domain used Sample: root |
version string | always | Version of the FortiGate Sample: v5.6.3 |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_ips_sensor_module.html