W3cubDocs

/Ansible 2.10

fortinet.fortimanager.fmgr_pkg_firewall_policy – Configure IPv4 policies.

Note

This plugin is part of the fortinet.fortimanager collection.

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_pkg_firewall_policy.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device by allowing the user to [ add get set update ] the following apis.
  • /pm/config/adom/{adom}/pkg/{pkg}/firewall/policy
  • Examples include all parameters and values need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
loose_validation
boolean
    Choices:
  • no
  • yes
Do parameter validation in a loose way
method
string / required
    Choices:
  • add
  • get
  • set
  • update
The method in request
params
list / elements=string
The parameters for each method
See full parameters list in https://ansible-galaxy-fortimanager-docs.readthedocs.io/en/latest
url_params
dictionary
The parameters for each API request URL
Also see full URL parameters in https://ansible-galaxy-fortimanager-docs.readthedocs.io/en/latest
workspace_locking_adom
string
the adom name to lock in case FortiManager running in workspace mode
it can be global or any other custom adom names
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • There are only three top-level parameters where ‘method’ is always required while other two ‘params’ and ‘url_params’ can be optional
  • Due to the complexity of fortimanager api schema, the validation is done out of Ansible native parameter validation procedure.
  • The syntax of OPTIONS doen not comply with the standard Ansible argument specification, but with the structure of fortimanager API schema, we need a trivial transformation when we are filling the ansible playbook

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:

   - name: REQUESTING /PM/CONFIG/PKG/{PKG}/FIREWALL/POLICY
     fmgr_pkg_firewall_policy:
        loose_validation: False
        workspace_locking_adom: <value in [global, custom adom]>
        workspace_locking_timeout: 300
        method: <value in [add, set, update]>
        url_params:
           adom: <value in [none, global, custom dom]>
           pkg: <value of string>
        params:
           -
              data:
                -
                    action: <value in [deny, accept, ipsec, ...]>
                    app-category: <value of string>
                    application:
                      - <value of integer>
                    application-list: <value of string>
                    auth-cert: <value of string>
                    auth-path: <value in [disable, enable]>
                    auth-redirect-addr: <value of string>
                    auto-asic-offload: <value in [disable, enable]>
                    av-profile: <value of string>
                    block-notification: <value in [disable, enable]>
                    captive-portal-exempt: <value in [disable, enable]>
                    capture-packet: <value in [disable, enable]>
                    comments: <value of string>
                    custom-log-fields: <value of string>
                    delay-tcp-npu-session: <value in [disable, enable]>
                    devices: <value of string>
                    diffserv-forward: <value in [disable, enable]>
                    diffserv-reverse: <value in [disable, enable]>
                    diffservcode-forward: <value of string>
                    diffservcode-rev: <value of string>
                    disclaimer: <value in [disable, enable]>
                    dlp-sensor: <value of string>
                    dnsfilter-profile: <value of string>
                    dscp-match: <value in [disable, enable]>
                    dscp-negate: <value in [disable, enable]>
                    dscp-value: <value of string>
                    dsri: <value in [disable, enable]>
                    dstaddr: <value of string>
                    dstaddr-negate: <value in [disable, enable]>
                    dstintf: <value of string>
                    firewall-session-dirty: <value in [check-all, check-new]>
                    fixedport: <value in [disable, enable]>
                    fsso: <value in [disable, enable]>
                    fsso-agent-for-ntlm: <value of string>
                    global-label: <value of string>
                    groups: <value of string>
                    gtp-profile: <value of string>
                    icap-profile: <value of string>
                    identity-based-route: <value of string>
                    inbound: <value in [disable, enable]>
                    internet-service: <value in [disable, enable]>
                    internet-service-custom: <value of string>
                    internet-service-id: <value of string>
                    internet-service-negate: <value in [disable, enable]>
                    ippool: <value in [disable, enable]>
                    ips-sensor: <value of string>
                    label: <value of string>
                    learning-mode: <value in [disable, enable]>
                    logtraffic: <value in [disable, enable, all, ...]>
                    logtraffic-start: <value in [disable, enable]>
                    match-vip: <value in [disable, enable]>
                    mms-profile: <value of string>
                    name: <value of string>
                    nat: <value in [disable, enable]>
                    natinbound: <value in [disable, enable]>
                    natip: <value of string>
                    natoutbound: <value in [disable, enable]>
                    ntlm: <value in [disable, enable]>
                    ntlm-enabled-browsers:
                      - <value of string>
                    ntlm-guest: <value in [disable, enable]>
                    outbound: <value in [disable, enable]>
                    per-ip-shaper: <value of string>
                    permit-any-host: <value in [disable, enable]>
                    permit-stun-host: <value in [disable, enable]>
                    policyid: <value of integer>
                    poolname: <value of string>
                    profile-group: <value of string>
                    profile-protocol-options: <value of string>
                    profile-type: <value in [single, group]>
                    radius-mac-auth-bypass: <value in [disable, enable]>
                    redirect-url: <value of string>
                    replacemsg-override-group: <value of string>
                    rsso: <value in [disable, enable]>
                    rtp-addr: <value of string>
                    rtp-nat: <value in [disable, enable]>
                    scan-botnet-connections: <value in [disable, block, monitor]>
                    schedule: <value of string>
                    schedule-timeout: <value in [disable, enable]>
                    send-deny-packet: <value in [disable, enable]>
                    service: <value of string>
                    service-negate: <value in [disable, enable]>
                    session-ttl: <value of integer>
                    spamfilter-profile: <value of string>
                    srcaddr: <value of string>
                    srcaddr-negate: <value in [disable, enable]>
                    srcintf: <value of string>
                    ssl-mirror: <value in [disable, enable]>
                    ssl-mirror-intf: <value of string>
                    ssl-ssh-profile: <value of string>
                    status: <value in [disable, enable]>
                    tags: <value of string>
                    tcp-mss-receiver: <value of integer>
                    tcp-mss-sender: <value of integer>
                    tcp-session-without-syn: <value in [all, data-only, disable]>
                    timeout-send-rst: <value in [disable, enable]>
                    traffic-shaper: <value of string>
                    traffic-shaper-reverse: <value of string>
                    url-category: <value of string>
                    users: <value of string>
                    utm-status: <value in [disable, enable]>
                    uuid: <value of string>
                    vlan-cos-fwd: <value of integer>
                    vlan-cos-rev: <value of integer>
                    voip-profile: <value of string>
                    vpn_dst_node:
                      -
                          host: <value of string>
                          seq: <value of integer>
                          subnet: <value of string>
                    vpn_src_node:
                      -
                          host: <value of string>
                          seq: <value of integer>
                          subnet: <value of string>
                    vpntunnel: <value of string>
                    waf-profile: <value of string>
                    wanopt: <value in [disable, enable]>
                    wanopt-detection: <value in [active, passive, off]>
                    wanopt-passive-opt: <value in [default, transparent, non-transparent]>
                    wanopt-peer: <value of string>
                    wanopt-profile: <value of string>
                    wccp: <value in [disable, enable]>
                    webcache: <value in [disable, enable]>
                    webcache-https: <value in [disable, ssl-server, any, ...]>
                    webfilter-profile: <value of string>
                    wsso: <value in [disable, enable]>

   - name: REQUESTING /PM/CONFIG/PKG/{PKG}/FIREWALL/POLICY
     fmgr_pkg_firewall_policy:
        loose_validation: False
        workspace_locking_adom: <value in [global, custom adom]>
        workspace_locking_timeout: 300
        method: <value in [get]>
        url_params:
           adom: <value in [none, global, custom dom]>
           pkg: <value of string>
        params:
           -
              attr: <value of string>
              fields:
                -
                   - <value in [action, app-category, application, ...]>
              filter:
                - <value of string>
              get used: <value of integer>
              loadsub: <value of integer>
              option: <value in [count, object member, datasrc, ...]>
              range:
                - <value of integer>
              sortings:
                -
                    varidic.attr_name: <value in [1, -1]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
data
dictionary
always
The payload returned in the request

status
dictionary
always
The status of api request

url
string
always
The full url requested

Sample:
/sys/login/user


Authors

  • Frank Shen (@fshen01)
  • Link Zheng (@zhengl)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortimanager/fmgr_pkg_firewall_policy_module.html