Note
This plugin is part of the fortinet.fortios collection.
To install it use: ansible-galaxy collection install fortinet.fortios.
To use it in a playbook, specify: fortinet.fortios.fortios_firewall_profile_protocol_options.
New in version 2.8: of fortinet.fortios
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments | ||
|---|---|---|---|---|
| firewall_profile_protocol_options dictionary | Configure protocol options. | |||
| comment string | Optional comments. | |||
| dns dictionary | Configure DNS protocol options. | |||
| ports integer | Ports to scan for content (1 - 65535). | |||
| status string |
| Enable/disable the active status of scanning for this protocol. | ||
| ftp dictionary | Configure FTP protocol options. | |||
| comfort_amount integer | Amount of data to send in a transmission for client comforting (1 - 10240 bytes). | |||
| comfort_interval integer | Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec). | |||
| inspect_all string |
| Enable/disable the inspection of all ports for the protocol. | ||
| options string |
| One or more options that can be applied to the session. | ||
| oversize_limit integer | Maximum in-memory file size that can be scanned (1 - 383 MB). | |||
| ports integer | Ports to scan for content (1 - 65535). | |||
| scan_bzip2 string |
| Enable/disable scanning of BZip2 compressed files. | ||
| status string |
| Enable/disable the active status of scanning for this protocol. | ||
| uncompressed_nest_limit integer | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). | |||
| uncompressed_oversize_limit integer | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). | |||
| http dictionary | Configure HTTP protocol options. | |||
| block_page_status_code integer | Code number returned for blocked HTTP pages (non-FortiGuard only) (100 - 599). | |||
| comfort_amount integer | Amount of data to send in a transmission for client comforting (1 - 10240 bytes). | |||
| comfort_interval integer | Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec). | |||
| fortinet_bar string |
| Enable/disable Fortinet bar on HTML content. | ||
| fortinet_bar_port integer | Port for use by Fortinet Bar (1 - 65535). | |||
| http_policy string |
| Enable/disable HTTP policy check. | ||
| inspect_all string |
| Enable/disable the inspection of all ports for the protocol. | ||
| options string |
| One or more options that can be applied to the session. | ||
| oversize_limit integer | Maximum in-memory file size that can be scanned (1 - 383 MB). | |||
| ports integer | Ports to scan for content (1 - 65535). | |||
| post_lang string |
| ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets). | ||
| range_block string |
| Enable/disable blocking of partial downloads. | ||
| retry_count integer | Number of attempts to retry HTTP connection (0 - 100). | |||
| scan_bzip2 string |
| Enable/disable scanning of BZip2 compressed files. | ||
| status string |
| Enable/disable the active status of scanning for this protocol. | ||
| streaming_content_bypass string |
| Enable/disable bypassing of streaming content from buffering. | ||
| switching_protocols string |
| Bypass from scanning, or block a connection that attempts to switch protocol. | ||
| uncompressed_nest_limit integer | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). | |||
| uncompressed_oversize_limit integer | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). | |||
| imap dictionary | Configure IMAP protocol options. | |||
| inspect_all string |
| Enable/disable the inspection of all ports for the protocol. | ||
| options string |
| One or more options that can be applied to the session. | ||
| oversize_limit integer | Maximum in-memory file size that can be scanned (1 - 383 MB). | |||
| ports integer | Ports to scan for content (1 - 65535). | |||
| scan_bzip2 string |
| Enable/disable scanning of BZip2 compressed files. | ||
| status string |
| Enable/disable the active status of scanning for this protocol. | ||
| uncompressed_nest_limit integer | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). | |||
| uncompressed_oversize_limit integer | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). | |||
| mail_signature dictionary | Configure Mail signature. | |||
| signature string | Email signature to be added to outgoing email (if the signature contains spaces, enclose with quotation marks). | |||
| status string |
| Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate. | ||
| mapi dictionary | Configure MAPI protocol options. | |||
| options string |
| One or more options that can be applied to the session. | ||
| oversize_limit integer | Maximum in-memory file size that can be scanned (1 - 383 MB). | |||
| ports integer | Ports to scan for content (1 - 65535). | |||
| scan_bzip2 string |
| Enable/disable scanning of BZip2 compressed files. | ||
| status string |
| Enable/disable the active status of scanning for this protocol. | ||
| uncompressed_nest_limit integer | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). | |||
| uncompressed_oversize_limit integer | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). | |||
| name string / required | Name. | |||
| nntp dictionary | Configure NNTP protocol options. | |||
| inspect_all string |
| Enable/disable the inspection of all ports for the protocol. | ||
| options string |
| One or more options that can be applied to the session. | ||
| oversize_limit integer | Maximum in-memory file size that can be scanned (1 - 383 MB). | |||
| ports integer | Ports to scan for content (1 - 65535). | |||
| scan_bzip2 string |
| Enable/disable scanning of BZip2 compressed files. | ||
| status string |
| Enable/disable the active status of scanning for this protocol. | ||
| uncompressed_nest_limit integer | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). | |||
| uncompressed_oversize_limit integer | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). | |||
| oversize_log string |
| Enable/disable logging for antivirus oversize file blocking. | ||
| pop3 dictionary | Configure POP3 protocol options. | |||
| inspect_all string |
| Enable/disable the inspection of all ports for the protocol. | ||
| options string |
| One or more options that can be applied to the session. | ||
| oversize_limit integer | Maximum in-memory file size that can be scanned (1 - 383 MB). | |||
| ports integer | Ports to scan for content (1 - 65535). | |||
| scan_bzip2 string |
| Enable/disable scanning of BZip2 compressed files. | ||
| status string |
| Enable/disable the active status of scanning for this protocol. | ||
| uncompressed_nest_limit integer | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). | |||
| uncompressed_oversize_limit integer | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). | |||
| replacemsg_group string | Name of the replacement message group to be used Source system.replacemsg-group.name. | |||
| rpc_over_http string |
| Enable/disable inspection of RPC over HTTP. | ||
| smtp dictionary | Configure SMTP protocol options. | |||
| inspect_all string |
| Enable/disable the inspection of all ports for the protocol. | ||
| options string |
| One or more options that can be applied to the session. | ||
| oversize_limit integer | Maximum in-memory file size that can be scanned (1 - 383 MB). | |||
| ports integer | Ports to scan for content (1 - 65535). | |||
| scan_bzip2 string |
| Enable/disable scanning of BZip2 compressed files. | ||
| server_busy string |
| Enable/disable SMTP server busy when server not available. | ||
| status string |
| Enable/disable the active status of scanning for this protocol. | ||
| uncompressed_nest_limit integer | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). | |||
| uncompressed_oversize_limit integer | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited). | |||
| state string |
| Deprecated Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. | ||
| switching_protocols_log string |
| Enable/disable logging for HTTP/HTTPS switching protocols. | ||
| host string | FortiOS or FortiGate IP address. | |||
| https boolean |
| Indicates if the requests towards FortiGate must use HTTPS protocol. | ||
| password string | Default: "" | FortiOS or FortiGate password. | ||
| ssl_verify boolean added in 2.9 of fortinet.fortios |
| Ensures FortiGate certificate must be verified by a proper CA. | ||
| state string added in 2.9 of fortinet.fortios |
| Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. | ||
| username string | FortiOS or FortiGate username. | |||
| vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | ||
Note
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure protocol options.
fortios_firewall_profile_protocol_options:
vdom: "{{ vdom }}"
state: "present"
firewall_profile_protocol_options:
comment: "Optional comments."
dns:
ports: "5"
status: "enable"
ftp:
comfort_amount: "8"
comfort_interval: "9"
inspect_all: "enable"
options: "clientcomfort"
oversize_limit: "12"
ports: "13"
scan_bzip2: "enable"
status: "enable"
uncompressed_nest_limit: "16"
uncompressed_oversize_limit: "17"
http:
block_page_status_code: "19"
comfort_amount: "20"
comfort_interval: "21"
fortinet_bar: "enable"
fortinet_bar_port: "23"
http_policy: "disable"
inspect_all: "enable"
options: "clientcomfort"
oversize_limit: "27"
ports: "28"
post_lang: "jisx0201"
range_block: "disable"
retry_count: "31"
scan_bzip2: "enable"
status: "enable"
streaming_content_bypass: "enable"
switching_protocols: "bypass"
uncompressed_nest_limit: "36"
uncompressed_oversize_limit: "37"
imap:
inspect_all: "enable"
options: "fragmail"
oversize_limit: "41"
ports: "42"
scan_bzip2: "enable"
status: "enable"
uncompressed_nest_limit: "45"
uncompressed_oversize_limit: "46"
mail_signature:
signature: "<your_own_value>"
status: "disable"
mapi:
options: "fragmail"
oversize_limit: "52"
ports: "53"
scan_bzip2: "enable"
status: "enable"
uncompressed_nest_limit: "56"
uncompressed_oversize_limit: "57"
name: "default_name_58"
nntp:
inspect_all: "enable"
options: "oversize"
oversize_limit: "62"
ports: "63"
scan_bzip2: "enable"
status: "enable"
uncompressed_nest_limit: "66"
uncompressed_oversize_limit: "67"
oversize_log: "disable"
pop3:
inspect_all: "enable"
options: "fragmail"
oversize_limit: "72"
ports: "73"
scan_bzip2: "enable"
status: "enable"
uncompressed_nest_limit: "76"
uncompressed_oversize_limit: "77"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
rpc_over_http: "enable"
smtp:
inspect_all: "enable"
options: "fragmail"
oversize_limit: "83"
ports: "84"
scan_bzip2: "enable"
server_busy: "enable"
status: "enable"
uncompressed_nest_limit: "88"
uncompressed_oversize_limit: "89"
switching_protocols_log: "disable"
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build string | always | Build number of the fortigate image Sample: 1547 |
| http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
| http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
| mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
| name string | always | Name of the table used to fulfill the request Sample: urlfilter |
| path string | always | Path of the table used to fulfill the request Sample: webfilter |
| revision string | always | Internal revision number Sample: 17.0.2.10658 |
| serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
| status string | always | Indication of the operation's result Sample: success |
| vdom string | always | Virtual domain used Sample: root |
| version string | always | Version of the FortiGate Sample: v5.6.3 |
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortios/fortios_firewall_profile_protocol_options_module.html