Note
This plugin is part of the fortinet.fortios collection.
To install it use: ansible-galaxy collection install fortinet.fortios.
To use it in a playbook, specify: fortinet.fortios.fortios_firewall_sniffer.
New in version 2.8: of fortinet.fortios
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments | ||
|---|---|---|---|---|
| firewall_sniffer dictionary | Configure sniffer. | |||
| anomaly list / elements=string | Configuration method to edit Denial of Service (DoS) anomaly settings. | |||
| action string |
| Action taken when the threshold is reached. | ||
| log string |
| Enable/disable anomaly logging. | ||
| name string / required | Anomaly name. | |||
| quarantine string |
| Quarantine method. | ||
| quarantine_expiry string | Duration of quarantine. (Format | |||
| quarantine_log string |
| Enable/disable quarantine logging. | ||
| status string |
| Enable/disable this anomaly. | ||
| threshold integer | Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. | |||
| threshold(default) integer | Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold value assigned to it. | |||
| application_list string | Name of an existing application list. Source application.list.name. | |||
| application_list_status string |
| Enable/disable application control profile. | ||
| av_profile string | Name of an existing antivirus profile. Source antivirus.profile.name. | |||
| av_profile_status string |
| Enable/disable antivirus profile. | ||
| dlp_sensor string | Name of an existing DLP sensor. Source dlp.sensor.name. | |||
| dlp_sensor_status string |
| Enable/disable DLP sensor. | ||
| dsri string |
| Enable/disable DSRI. | ||
| host string | Hosts to filter for in sniffer traffic (Format examples: 1.1.1.1, 2.2.2.0/24, 3.3.3.3/255.255.255.0, 4.4.4.0-4.4.4.240). | |||
| id integer / required | Sniffer ID. | |||
| interface string | Interface name that traffic sniffing will take place on. Source system.interface.name. | |||
| ips_dos_status string |
| Enable/disable IPS DoS anomaly detection. | ||
| ips_sensor string | Name of an existing IPS sensor. Source ips.sensor.name. | |||
| ips_sensor_status string |
| Enable/disable IPS sensor. | ||
| ipv6 string |
| Enable/disable sniffing IPv6 packets. | ||
| logtraffic string |
| Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy. | ||
| max_packet_count integer | Maximum packet count (1 - 1000000). | |||
| non_ip string |
| Enable/disable sniffing non-IP packets. | ||
| port string | Ports to sniff (Format examples: 10, :20, 30:40, 50-, 100-200). | |||
| protocol string | Integer value for the protocol type as defined by IANA (0 - 255). | |||
| scan_botnet_connections string |
| Enable/disable scanning of connections to Botnet servers. | ||
| spamfilter_profile string | Name of an existing spam filter profile. Source spamfilter.profile.name. | |||
| spamfilter_profile_status string |
| Enable/disable spam filter. | ||
| state string |
| Deprecated Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. | ||
| status string |
| Enable/disable the active status of the sniffer. | ||
| vlan string | List of VLANs to sniff. | |||
| webfilter_profile string | Name of an existing web filter profile. Source webfilter.profile.name. | |||
| webfilter_profile_status string |
| Enable/disable web filter profile. | ||
| host string | FortiOS or FortiGate IP address. | |||
| https boolean |
| Indicates if the requests towards FortiGate must use HTTPS protocol. | ||
| password string | Default: "" | FortiOS or FortiGate password. | ||
| ssl_verify boolean added in 2.9 of fortinet.fortios |
| Ensures FortiGate certificate must be verified by a proper CA. | ||
| state string added in 2.9 of fortinet.fortios |
| Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. | ||
| username string | FortiOS or FortiGate username. | |||
| vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | ||
Note
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure sniffer.
fortios_firewall_sniffer:
vdom: "{{ vdom }}"
state: "present"
firewall_sniffer:
anomaly:
-
action: "pass"
log: "enable"
name: "default_name_6"
quarantine: "none"
quarantine_expiry: "<your_own_value>"
quarantine_log: "disable"
status: "disable"
threshold: "11"
threshold(default): "12"
application_list: "<your_own_value> (source application.list.name)"
application_list_status: "enable"
av_profile: "<your_own_value> (source antivirus.profile.name)"
av_profile_status: "enable"
dlp_sensor: "<your_own_value> (source dlp.sensor.name)"
dlp_sensor_status: "enable"
dsri: "enable"
host: "myhostname"
id: "21"
interface: "<your_own_value> (source system.interface.name)"
ips_dos_status: "enable"
ips_sensor: "<your_own_value> (source ips.sensor.name)"
ips_sensor_status: "enable"
ipv6: "enable"
logtraffic: "all"
max_packet_count: "28"
non_ip: "enable"
port: "<your_own_value>"
protocol: "<your_own_value>"
scan_botnet_connections: "disable"
spamfilter_profile: "<your_own_value> (source spamfilter.profile.name)"
spamfilter_profile_status: "enable"
status: "enable"
vlan: "<your_own_value>"
webfilter_profile: "<your_own_value> (source webfilter.profile.name)"
webfilter_profile_status: "enable"
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build string | always | Build number of the fortigate image Sample: 1547 |
| http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
| http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
| mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
| name string | always | Name of the table used to fulfill the request Sample: urlfilter |
| path string | always | Path of the table used to fulfill the request Sample: webfilter |
| revision string | always | Internal revision number Sample: 17.0.2.10658 |
| serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
| status string | always | Indication of the operation's result Sample: success |
| vdom string | always | Virtual domain used Sample: root |
| version string | always | Version of the FortiGate Sample: v5.6.3 |
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortios/fortios_firewall_sniffer_module.html