Note
This plugin is part of the fortinet.fortios collection.
To install it use: ansible-galaxy collection install fortinet.fortios.
To use it in a playbook, specify: fortinet.fortios.fortios_system_settings.
New in version 2.8 of fortinet.fortios
The below requirements are needed on the host that executes this module.
| Parameter | Type | Choices/Defaults | Comments |
|---|---|---|---|
| host | string | | FortiOS or FortiGate IP address. |
| https | boolean | | Indicates if the requests towards FortiGate must use the HTTPS protocol. |
| password | string | Default: "" | FortiOS or FortiGate password. |
| ssl_verify | boolean | | Ensures the FortiGate certificate is verified by a proper CA. Added in 2.9 of fortinet.fortios. |
| system_settings | dictionary | | Configure VDOM settings. Suboptions are listed in the table below. |
| username | string | | FortiOS or FortiGate username. |
| vdom | string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |

Suboptions of system_settings:

| Parameter | Type | Comments |
|---|---|---|
| allow_subnet_overlap | string | Enable/disable allowing interface subnets to use overlapping IP addresses. |
| asymroute | string | Enable/disable IPv4 asymmetric routing. |
| asymroute6 | string | Enable/disable asymmetric IPv6 routing. |
| asymroute6_icmp | string | Enable/disable asymmetric ICMPv6 routing. |
| asymroute_icmp | string | Enable/disable ICMP asymmetric routing. |
| bfd | string | Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. |
| bfd_desired_min_tx | integer | BFD desired minimal transmit interval (1 - 100000 ms). |
| bfd_detect_mult | integer | BFD detection multiplier (1 - 50). |
| bfd_dont_enforce_src_port | string | Enable to not enforce verifying the source port of BFD packets. |
| bfd_required_min_rx | integer | BFD required minimal receive interval (1 - 100000 ms). |
| block_land_attack | string | Enable/disable blocking of land attacks. |
| central_nat | string | Enable/disable central NAT. |
| comments | string | VDOM comments. |
| compliance_check | string | Enable/disable PCI DSS compliance checking. |
| default_voip_alg_mode | string | Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. |
| deny_tcp_with_icmp | string | Enable/disable denying TCP by sending an ICMP communication prohibited packet. |
| device | string | Interface to use for management access for NAT mode. Source system.interface.name. |
| dhcp6_server_ip | string | DHCPv6 server IPv6 address. |
| dhcp_proxy | string | Enable/disable the DHCP proxy. |
| dhcp_server_ip | string | DHCP server IPv4 address. |
| discovered_device_timeout | integer | Timeout for discovered devices (1 - 365 days). |
| ecmp_max_paths | integer | Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing (1 - 100). |
| email_portal_check_dns | string | Enable/disable using DNS to validate email addresses collected by a captive portal. |
| firewall_session_dirty | string | Select how to manage sessions affected by firewall policy configuration changes. |
| fw_session_hairpin | string | Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. |
| gateway | string | Transparent mode IPv4 default gateway IP address. |
| gateway6 | string | Transparent mode IPv6 default gateway IP address. |
| gui_advanced_policy | string | Enable/disable advanced policy configuration on the GUI. |
| gui_allow_unnamed_policy | string | Enable/disable the requirement for policy naming on the GUI. |
| gui_antivirus | string | Enable/disable AntiVirus on the GUI. |
| gui_ap_profile | string | Enable/disable FortiAP profiles on the GUI. |
| gui_application_control | string | Enable/disable application control on the GUI. |
| gui_default_policy_columns | list / elements=string | Default columns to display for policy lists on the GUI. |
| gui_default_policy_columns.name | string / required | Select column name. |
| gui_dhcp_advanced | string | Enable/disable advanced DHCP options on the GUI. |
| gui_dlp | string | Enable/disable DLP on the GUI. |
| gui_dns_database | string | Enable/disable DNS database settings on the GUI. |
| gui_dnsfilter | string | Enable/disable DNS Filtering on the GUI. |
| gui_domain_ip_reputation | string | Enable/disable Domain and IP Reputation on the GUI. |
| gui_dos_policy | string | Enable/disable DoS policies on the GUI. |
| gui_dynamic_profile_display | string | Enable/disable RADIUS Single Sign On (RSSO) on the GUI. |
| gui_dynamic_routing | string | Enable/disable dynamic routing on the GUI. |
| gui_email_collection | string | Enable/disable email collection on the GUI. |
| gui_endpoint_control | string | Enable/disable endpoint control on the GUI. |
| gui_endpoint_control_advanced | string | Enable/disable advanced endpoint control options on the GUI. |
| gui_explicit_proxy | string | Enable/disable the explicit proxy on the GUI. |
| gui_fortiap_split_tunneling | string | Enable/disable FortiAP split tunneling on the GUI. |
| gui_fortiextender_controller | string | Enable/disable FortiExtender on the GUI. |
| gui_icap | string | Enable/disable ICAP on the GUI. |
| gui_implicit_policy | string | Enable/disable implicit firewall policies on the GUI. |
| gui_ips | string | Enable/disable IPS on the GUI. |
| gui_load_balance | string | Enable/disable server load balancing on the GUI. |
| gui_local_in_policy | string | Enable/disable Local-In policies on the GUI. |
| gui_local_reports | string | Enable/disable local reports on the GUI. |
| gui_multicast_policy | string | Enable/disable multicast firewall policies on the GUI. |
| gui_multiple_interface_policy | string | Enable/disable adding multiple interfaces to a policy on the GUI. |
| gui_multiple_utm_profiles | string | Enable/disable multiple UTM profiles on the GUI. |
| gui_nat46_64 | string | Enable/disable NAT46 and NAT64 settings on the GUI. |
| gui_object_colors | string | Enable/disable object colors on the GUI. |
| gui_policy_based_ipsec | string | Enable/disable policy-based IPsec VPN on the GUI. |
| gui_policy_learning | string | Enable/disable firewall policy learning mode on the GUI. |
| gui_replacement_message_groups | string | Enable/disable replacement message groups on the GUI. |
| gui_spamfilter | string | Enable/disable Antispam on the GUI. |
| gui_sslvpn_personal_bookmarks | string | Enable/disable SSL-VPN personal bookmark management on the GUI. |
| gui_sslvpn_realms | string | Enable/disable SSL-VPN realms on the GUI. |
| gui_switch_controller | string | Enable/disable the switch controller on the GUI. |
| gui_threat_weight | string | Enable/disable threat weight on the GUI. |
| gui_traffic_shaping | string | Enable/disable traffic shaping on the GUI. |
| gui_voip_profile | string | Enable/disable VoIP profiles on the GUI. |
| gui_vpn | string | Enable/disable VPN tunnels on the GUI. |
| gui_waf_profile | string | Enable/disable Web Application Firewall on the GUI. |
| gui_wan_load_balancing | string | Enable/disable SD-WAN on the GUI. |
| gui_wanopt_cache | string | Enable/disable WAN Optimization and Web Caching on the GUI. |
| gui_webfilter | string | Enable/disable Web filtering on the GUI. |
| gui_webfilter_advanced | string | Enable/disable advanced web filtering on the GUI. |
| gui_wireless_controller | string | Enable/disable the wireless controller on the GUI. |
| http_external_dest | string | Offload HTTP traffic to FortiWeb or FortiCache. |
| ike_dn_format | string | Configure IKE ASN.1 Distinguished Name format conventions. |
| ike_quick_crash_detect | string | Enable/disable IKE quick crash detection (RFC 6290). |
| ike_session_resume | string | Enable/disable IKEv2 session resumption (RFC 5723). |
| implicit_allow_dns | string | Enable/disable implicitly allowing DNS traffic. |
| inspection_mode | string | Inspection mode (proxy-based or flow-based). |
| ip | string | IP address and netmask. |
| ip6 | string | IPv6 address prefix for NAT mode. |
| link_down_access | string | Enable/disable link down access traffic. |
| lldp_transmission | string | Enable/disable Link Layer Discovery Protocol (LLDP) for this VDOM or apply global settings to this VDOM. |
| mac_ttl | integer | Duration of MAC addresses in Transparent mode (300 - 8640000 sec). |
| manageip | string | Transparent mode IPv4 management IP address and netmask. |
| manageip6 | string | Transparent mode IPv6 management IP address and netmask. |
| multicast_forward | string | Enable/disable multicast forwarding. |
| multicast_skip_policy | string | Enable/disable allowing multicast traffic through the FortiGate without a policy check. |
| multicast_ttl_notchange | string | Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. |
| ngfw_mode | string | Next Generation Firewall (NGFW) mode. |
| opmode | string | Firewall operation mode (NAT or Transparent). |
| sccp_port | integer | TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535). |
| ses_denied_traffic | string | Enable/disable including denied sessions in the session table. |
| sip_helper | string | Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). |
| sip_nat_trace | string | Enable/disable recording the original SIP source IP address when NAT is used. |
| sip_ssl_port | integer | TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535). |
| sip_tcp_port | integer | TCP port the SIP proxy monitors for SIP traffic (0 - 65535). |
| sip_udp_port | integer | UDP port the SIP proxy monitors for SIP traffic (0 - 65535). |
| snat_hairpin_traffic | string | Enable/disable source NAT (SNAT) for hairpin traffic. |
| ssl_ssh_profile | string | Profile for SSL/SSH inspection. Source firewall.ssl-ssh-profile.name. |
| status | string | Enable/disable this VDOM. |
| strict_src_check | string | Enable/disable strict source verification. |
| tcp_session_without_syn | string | Enable/disable allowing TCP sessions without SYN flags. |
| utf8_spam_tagging | string | Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. |
| v4_ecmp_mode | string | IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. |
| vpn_stats_log | string | Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. |
| vpn_stats_period | integer | Period to send VPN log statistics (60 - 86400 sec). |
| wccp_cache_engine | string | Enable/disable WCCP cache engine. |
Note
Example playbook:

```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure VDOM settings.
      fortios_system_settings:
        vdom: "{{ vdom }}"
        system_settings:
          allow_subnet_overlap: "enable"
          asymroute: "enable"
          asymroute_icmp: "enable"
          asymroute6: "enable"
          asymroute6_icmp: "enable"
          bfd: "enable"
          bfd_desired_min_tx: "9"
          bfd_detect_mult: "10"
          bfd_dont_enforce_src_port: "enable"
          bfd_required_min_rx: "12"
          block_land_attack: "disable"
          central_nat: "enable"
          comments: "<your_own_value>"
          compliance_check: "enable"
          default_voip_alg_mode: "proxy-based"
          deny_tcp_with_icmp: "enable"
          device: "<your_own_value> (source system.interface.name)"
          dhcp_proxy: "enable"
          dhcp_server_ip: "<your_own_value>"
          dhcp6_server_ip: "<your_own_value>"
          discovered_device_timeout: "23"
          ecmp_max_paths: "24"
          email_portal_check_dns: "disable"
          firewall_session_dirty: "check-all"
          fw_session_hairpin: "enable"
          gateway: "<your_own_value>"
          gateway6: "<your_own_value>"
          gui_advanced_policy: "enable"
          gui_allow_unnamed_policy: "enable"
          gui_antivirus: "enable"
          gui_ap_profile: "enable"
          gui_application_control: "enable"
          gui_default_policy_columns:
            - name: "default_name_36"
          gui_dhcp_advanced: "enable"
          gui_dlp: "enable"
          gui_dns_database: "enable"
          gui_dnsfilter: "enable"
          gui_domain_ip_reputation: "enable"
          gui_dos_policy: "enable"
          gui_dynamic_profile_display: "enable"
          gui_dynamic_routing: "enable"
          gui_email_collection: "enable"
          gui_endpoint_control: "enable"
          gui_endpoint_control_advanced: "enable"
          gui_explicit_proxy: "enable"
          gui_fortiap_split_tunneling: "enable"
          gui_fortiextender_controller: "enable"
          gui_icap: "enable"
          gui_implicit_policy: "enable"
          gui_ips: "enable"
          gui_load_balance: "enable"
          gui_local_in_policy: "enable"
          gui_local_reports: "enable"
          gui_multicast_policy: "enable"
          gui_multiple_interface_policy: "enable"
          gui_multiple_utm_profiles: "enable"
          gui_nat46_64: "enable"
          gui_object_colors: "enable"
          gui_policy_based_ipsec: "enable"
          gui_policy_learning: "enable"
          gui_replacement_message_groups: "enable"
          gui_spamfilter: "enable"
          gui_sslvpn_personal_bookmarks: "enable"
          gui_sslvpn_realms: "enable"
          gui_switch_controller: "enable"
          gui_threat_weight: "enable"
          gui_traffic_shaping: "enable"
          gui_voip_profile: "enable"
          gui_vpn: "enable"
          gui_waf_profile: "enable"
          gui_wan_load_balancing: "enable"
          gui_wanopt_cache: "enable"
          gui_webfilter: "enable"
          gui_webfilter_advanced: "enable"
          gui_wireless_controller: "enable"
          http_external_dest: "fortiweb"
          ike_dn_format: "with-space"
          ike_quick_crash_detect: "enable"
          ike_session_resume: "enable"
          implicit_allow_dns: "enable"
          inspection_mode: "proxy"
          ip: "<your_own_value>"
          ip6: "<your_own_value>"
          link_down_access: "enable"
          lldp_transmission: "enable"
          mac_ttl: "89"
          manageip: "<your_own_value>"
          manageip6: "<your_own_value>"
          multicast_forward: "enable"
          multicast_skip_policy: "enable"
          multicast_ttl_notchange: "enable"
          ngfw_mode: "profile-based"
          opmode: "nat"
          sccp_port: "97"
          ses_denied_traffic: "enable"
          sip_helper: "enable"
          sip_nat_trace: "enable"
          sip_ssl_port: "101"
          sip_tcp_port: "102"
          sip_udp_port: "103"
          snat_hairpin_traffic: "enable"
          ssl_ssh_profile: "<your_own_value> (source firewall.ssl-ssh-profile.name)"
          status: "enable"
          strict_src_check: "enable"
          tcp_session_without_syn: "enable"
          utf8_spam_tagging: "enable"
          v4_ecmp_mode: "source-ip-based"
          vpn_stats_log: "ipsec"
          vpn_stats_period: "112"
          wccp_cache_engine: "enable"
```
Common return values are documented here; the following are the fields unique to this module:

| Key | Type | Returned | Description | Sample |
|---|---|---|---|---|
| build | string | always | Build number of the FortiGate image | 1547 |
| http_method | string | always | Last method used to provision the content into FortiGate | PUT |
| http_status | string | always | Last result given by FortiGate on the last operation applied | 200 |
| mkey | string | success | Master key (id) used in the last call to FortiGate | id |
| name | string | always | Name of the table used to fulfill the request | urlfilter |
| path | string | always | Path of the table used to fulfill the request | webfilter |
| revision | string | always | Internal revision number | 17.0.2.10658 |
| serial | string | always | Serial number of the unit | FGVMEVYYQT3AB5352 |
| status | string | always | Indication of the operation's result | success |
| vdom | string | always | Virtual domain used | root |
| version | string | always | Version of the FortiGate | v5.6.3 |
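As an added example (not from the original page or the fortinet.fortios collection), a play that applies only the session- and routing-hardening suboptions documented above, keeps certificate validation on for the httpapi connection, registers the module's result and asserts on the documented status and http_status return values. The inventory group name, the VDOM name and the particular setting values are assumptions.

```yaml
- hosts: fortigates            # assumed inventory group
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Verify the FortiGate certificate rather than accepting any presented one.
    ansible_httpapi_validate_certs: yes
    ansible_httpapi_port: 443
  tasks:
    - name: Harden VDOM session and routing checks
      fortios_system_settings:
        vdom: "{{ vdom }}"
        system_settings:
          block_land_attack: "enable"         # block land attacks
          strict_src_check: "enable"          # strict source verification
          tcp_session_without_syn: "disable"  # no TCP sessions without SYN flags
          allow_subnet_overlap: "disable"     # no overlapping interface subnets
          multicast_skip_policy: "disable"    # multicast still goes through a policy check
          ses_denied_traffic: "enable"        # denied sessions stay visible in the session table
      register: result

    # The module returns status and http_status on every call; fail the play
    # if the FortiGate did not accept the change.
    - name: Verify the FortiGate accepted the change
      assert:
        that:
          - result.status == "success"
          - result.http_status | int == 200
        fail_msg: "VDOM {{ result.vdom }} on {{ result.serial }} returned HTTP {{ result.http_status }}"
```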
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortios/fortios_system_settings_module.html