Note
This plugin is part of the fortinet.fortimanager collection (version 2.0.1).
To install it use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_ips_sensor.
New in version 2.10: of fortinet.fortimanager
| Parameter | Choices/Defaults | Comments | |||
|---|---|---|---|---|---|
| adom string / required | the parameter (adom) in requested url | ||||
| bypass_validation boolean |
| only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters | |||
| ips_sensor dictionary | the top level parameters set | ||||
| block-malicious-url string |
| Enable/disable malicious URL blocking. | |||
| comment string | Comment. | ||||
| entries list / elements=string | no description | ||||
| action string |
| Action taken with traffic in which signatures are detected. | |||
| application string | no description | ||||
| exempt-ip list / elements=string | no description | ||||
| dst-ip string | Destination IP address and netmask. | ||||
| id integer | Exempt IP ID. | ||||
| src-ip string | Source IP address and netmask. | ||||
| id integer | Rule ID in IPS database (0 - 4294967295). | ||||
| location string | no description | ||||
| log string |
| Enable/disable logging of signatures included in filter. | |||
| log-attack-context string |
| Enable/disable logging of attack context: URL buffer, header buffer, body buffer, packet buffer. | |||
| log-packet string |
| Enable/disable packet logging. Enable to save the packet that triggers the filter. You can download the packets in pca... | |||
| os string | no description | ||||
| protocol string | no description | ||||
| quarantine string |
| Quarantine method. | |||
| quarantine-expiry string | Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m, default = 5m). Requires quarantine set to ... | ||||
| quarantine-log string |
| Enable/disable quarantine logging. | |||
| rate-count integer | Count of the rate. | ||||
| rate-duration integer | Duration (sec) of the rate. | ||||
| rate-mode string |
| Rate limit mode. | |||
| rate-track string |
| Track the packet protocol field. | |||
| rule string | Identifies the predefined or custom IPS signatures to add to the sensor. | ||||
| severity string | no description | ||||
| status string |
| Status of the signatures included in filter. default enables the filter and only use filters with default status of en... | |||
| extended-log string |
| Enable/disable extended logging. | |||
| filter list / elements=string | no description | ||||
| action string |
| Action of selected rules. | |||
| application string | no description | ||||
| location string | no description | ||||
| log string |
| Enable/disable logging of selected rules. | |||
| log-packet string |
| Enable/disable packet logging of selected rules. | |||
| name string | Filter name. | ||||
| os string | no description | ||||
| protocol string | no description | ||||
| quarantine string |
| Quarantine IP or interface. | |||
| quarantine-expiry integer | Duration of quarantine in minute. | ||||
| quarantine-log string |
| Enable/disable logging of selected quarantine. | |||
| severity string | no description | ||||
| status string |
| Selected rules status. | |||
| name string | Sensor name. | ||||
| override list / elements=string | no description | ||||
| action string |
| Action of override rule. | |||
| exempt-ip list / elements=string | no description | ||||
| dst-ip string | Destination IP address and netmask. | ||||
| id integer | Exempt IP ID. | ||||
| src-ip string | Source IP address and netmask. | ||||
| log string |
| Enable/disable logging. | |||
| log-packet string |
| Enable/disable packet logging. | |||
| quarantine string |
| Quarantine IP or interface. | |||
| quarantine-expiry integer | Duration of quarantine in minute. | ||||
| quarantine-log string |
| Enable/disable logging of selected quarantine. | |||
| rule-id integer | Override rule ID. | ||||
| status string |
| Enable/disable status of override rule. | |||
| replacemsg-group string | Replacement message group. | ||||
| rc_failed list / elements=string | the rc codes list with which the conditions to fail will be overriden | ||||
| rc_succeeded list / elements=string | the rc codes list with which the conditions to succeed will be overriden | ||||
| state string / required |
| the directive to create, update or delete an object | |||
| workspace_locking_adom string | the adom to lock for FortiManager running in workspace mode, the value can be global and others including root | ||||
| workspace_locking_timeout integer | Default: 300 | the maximum time in seconds to wait for other user to release the workspace lock | |||
Note
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure IPS sensor.
fmgr_ips_sensor:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
state: <value in [present, absent]>
ips_sensor:
block-malicious-url: <value in [disable, enable]>
comment: <value of string>
entries:
-
action: <value in [pass, block, reset, ...]>
application: <value of string>
exempt-ip:
-
dst-ip: <value of string>
id: <value of integer>
src-ip: <value of string>
id: <value of integer>
location: <value of string>
log: <value in [disable, enable]>
log-attack-context: <value in [disable, enable]>
log-packet: <value in [disable, enable]>
os: <value of string>
protocol: <value of string>
quarantine: <value in [none, attacker, both, ...]>
quarantine-expiry: <value of string>
quarantine-log: <value in [disable, enable]>
rate-count: <value of integer>
rate-duration: <value of integer>
rate-mode: <value in [periodical, continuous]>
rate-track: <value in [none, src-ip, dest-ip, ...]>
rule: <value of string>
severity: <value of string>
status: <value in [disable, enable, default]>
extended-log: <value in [disable, enable]>
filter:
-
action: <value in [pass, block, default, ...]>
application: <value of string>
location: <value of string>
log: <value in [disable, enable, default]>
log-packet: <value in [disable, enable, default]>
name: <value of string>
os: <value of string>
protocol: <value of string>
quarantine: <value in [none, attacker, both, ...]>
quarantine-expiry: <value of integer>
quarantine-log: <value in [disable, enable]>
severity: <value of string>
status: <value in [disable, enable, default]>
name: <value of string>
override:
-
action: <value in [pass, block, reset]>
exempt-ip:
-
dst-ip: <value of string>
id: <value of integer>
src-ip: <value of string>
log: <value in [disable, enable]>
log-packet: <value in [disable, enable]>
quarantine: <value in [none, attacker, both, ...]>
quarantine-expiry: <value of integer>
quarantine-log: <value in [disable, enable]>
rule-id: <value of integer>
status: <value in [disable, enable]>
replacemsg-group: <value of string>
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| request_url string | always | The full url requested Sample: /sys/login/user |
| response_code integer | always | The status of api request |
| response_message string | always | The descriptive message of the api response Sample: OK. |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortimanager/fmgr_ips_sensor_module.html