Note
This plugin is part of the fortinet.fortios collection.
To install it use: ansible-galaxy collection install fortinet.fortios.
To use it in a playbook, specify: fortinet.fortios.fortios_wireless_controller_wids_profile.
New in version 2.8: of fortinet.fortios
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| host string | FortiOS or FortiGate IP address. | ||
| https boolean |
| Indicates if the requests towards FortiGate must use HTTPS protocol. | |
| password string | Default: "" | FortiOS or FortiGate password. | |
| ssl_verify boolean added in 2.9 of fortinet.fortios |
| Ensures FortiGate certificate must be verified by a proper CA. | |
| state string added in 2.9 of fortinet.fortios |
| Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. | |
| username string | FortiOS or FortiGate username. | ||
| vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | |
| wireless_controller_wids_profile dictionary | Configure wireless intrusion detection system (WIDS) profiles. | ||
| ap_auto_suppress string |
| Enable/disable on-wire rogue AP auto-suppression . | |
| ap_bgscan_disable_day string |
| Optionally turn off scanning for one or more days of the week. Separate the days with a space. By default, no days are set. | |
| ap_bgscan_disable_end string | End time, using a 24-hour clock in the format of hh:mm, for disabling background scanning . | ||
| ap_bgscan_disable_start string | Start time, using a 24-hour clock in the format of hh:mm, for disabling background scanning . | ||
| ap_bgscan_duration integer | Listening time on a scanning channel (10 - 1000 msec). | ||
| ap_bgscan_idle integer | Waiting time for channel inactivity before scanning this channel (0 - 1000 msec). | ||
| ap_bgscan_intv integer | Period of time between scanning two channels (1 - 600 sec). | ||
| ap_bgscan_period integer | Period of time between background scans (60 - 3600 sec). | ||
| ap_bgscan_report_intv integer | Period of time between background scan reports (15 - 600 sec). | ||
| ap_fgscan_report_intv integer | Period of time between foreground scan reports (15 - 600 sec). | ||
| ap_scan string |
| Enable/disable rogue AP detection. | |
| ap_scan_passive string |
| Enable/disable passive scanning. Enable means do not send probe request on any channels . | |
| asleap_attack string |
| Enable/disable asleap attack detection . | |
| assoc_flood_thresh integer | The threshold value for association frame flooding. | ||
| assoc_flood_time integer | Number of seconds after which a station is considered not connected. | ||
| assoc_frame_flood string |
| Enable/disable association frame flooding detection . | |
| auth_flood_thresh integer | The threshold value for authentication frame flooding. | ||
| auth_flood_time integer | Number of seconds after which a station is considered not connected. | ||
| auth_frame_flood string |
| Enable/disable authentication frame flooding detection . | |
| comment string | Comment. | ||
| deauth_broadcast string |
| Enable/disable broadcasting de-authentication detection . | |
| deauth_unknown_src_thresh integer | Threshold value per second to deauth unknown src for DoS attack (0: no limit). | ||
| eapol_fail_flood string |
| Enable/disable EAPOL-Failure flooding (to AP) detection . | |
| eapol_fail_intv integer | The detection interval for EAPOL-Failure flooding (1 - 3600 sec). | ||
| eapol_fail_thresh integer | The threshold value for EAPOL-Failure flooding in specified interval. | ||
| eapol_logoff_flood string |
| Enable/disable EAPOL-Logoff flooding (to AP) detection . | |
| eapol_logoff_intv integer | The detection interval for EAPOL-Logoff flooding (1 - 3600 sec). | ||
| eapol_logoff_thresh integer | The threshold value for EAPOL-Logoff flooding in specified interval. | ||
| eapol_pre_fail_flood string |
| Enable/disable premature EAPOL-Failure flooding (to STA) detection . | |
| eapol_pre_fail_intv integer | The detection interval for premature EAPOL-Failure flooding (1 - 3600 sec). | ||
| eapol_pre_fail_thresh integer | The threshold value for premature EAPOL-Failure flooding in specified interval. | ||
| eapol_pre_succ_flood string |
| Enable/disable premature EAPOL-Success flooding (to STA) detection . | |
| eapol_pre_succ_intv integer | The detection interval for premature EAPOL-Success flooding (1 - 3600 sec). | ||
| eapol_pre_succ_thresh integer | The threshold value for premature EAPOL-Success flooding in specified interval. | ||
| eapol_start_flood string |
| Enable/disable EAPOL-Start flooding (to AP) detection . | |
| eapol_start_intv integer | The detection interval for EAPOL-Start flooding (1 - 3600 sec). | ||
| eapol_start_thresh integer | The threshold value for EAPOL-Start flooding in specified interval. | ||
| eapol_succ_flood string |
| Enable/disable EAPOL-Success flooding (to AP) detection . | |
| eapol_succ_intv integer | The detection interval for EAPOL-Success flooding (1 - 3600 sec). | ||
| eapol_succ_thresh integer | The threshold value for EAPOL-Success flooding in specified interval. | ||
| invalid_mac_oui string |
| Enable/disable invalid MAC OUI detection. | |
| long_duration_attack string |
| Enable/disable long duration attack detection based on user configured threshold . | |
| long_duration_thresh integer | Threshold value for long duration attack detection (1000 - 32767 usec). | ||
| name string / required | WIDS profile name. | ||
| null_ssid_probe_resp string |
| Enable/disable null SSID probe response detection . | |
| sensor_mode string |
| Scan WiFi nearby stations . | |
| spoofed_deauth string |
| Enable/disable spoofed de-authentication attack detection . | |
| state string |
| Deprecated Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. | |
| weak_wep_iv string |
| Enable/disable weak WEP IV (Initialization Vector) detection . | |
| wireless_bridge string |
| Enable/disable wireless bridge detection . | |
Note
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure wireless intrusion detection system (WIDS) profiles.
fortios_wireless_controller_wids_profile:
vdom: "{{ vdom }}"
state: "present"
wireless_controller_wids_profile:
ap_auto_suppress: "enable"
ap_bgscan_disable_day: "sunday"
ap_bgscan_disable_end: "<your_own_value>"
ap_bgscan_disable_start: "<your_own_value>"
ap_bgscan_duration: "7"
ap_bgscan_idle: "8"
ap_bgscan_intv: "9"
ap_bgscan_period: "10"
ap_bgscan_report_intv: "11"
ap_fgscan_report_intv: "12"
ap_scan: "disable"
ap_scan_passive: "enable"
asleap_attack: "enable"
assoc_flood_thresh: "16"
assoc_flood_time: "17"
assoc_frame_flood: "enable"
auth_flood_thresh: "19"
auth_flood_time: "20"
auth_frame_flood: "enable"
comment: "Comment."
deauth_broadcast: "enable"
deauth_unknown_src_thresh: "24"
eapol_fail_flood: "enable"
eapol_fail_intv: "26"
eapol_fail_thresh: "27"
eapol_logoff_flood: "enable"
eapol_logoff_intv: "29"
eapol_logoff_thresh: "30"
eapol_pre_fail_flood: "enable"
eapol_pre_fail_intv: "32"
eapol_pre_fail_thresh: "33"
eapol_pre_succ_flood: "enable"
eapol_pre_succ_intv: "35"
eapol_pre_succ_thresh: "36"
eapol_start_flood: "enable"
eapol_start_intv: "38"
eapol_start_thresh: "39"
eapol_succ_flood: "enable"
eapol_succ_intv: "41"
eapol_succ_thresh: "42"
invalid_mac_oui: "enable"
long_duration_attack: "enable"
long_duration_thresh: "45"
name: "default_name_46"
null_ssid_probe_resp: "enable"
sensor_mode: "disable"
spoofed_deauth: "enable"
weak_wep_iv: "enable"
wireless_bridge: "enable"
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build string | always | Build number of the fortigate image Sample: 1547 |
| http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
| http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
| mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
| name string | always | Name of the table used to fulfill the request Sample: urlfilter |
| path string | always | Path of the table used to fulfill the request Sample: webfilter |
| revision string | always | Internal revision number Sample: 17.0.2.10658 |
| serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
| status string | always | Indication of the operation's result Sample: success |
| vdom string | always | Virtual domain used Sample: root |
| version string | always | Version of the FortiGate Sample: v5.6.3 |
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortios/fortios_wireless_controller_wids_profile_module.html