Note
This plugin is part of the fortinet.fortios collection (version 1.1.8).
To install it use: ansible-galaxy collection install fortinet.fortios
.
To use it in a playbook, specify: fortinet.fortios.fortios_firewall_sniffer
.
New in version 2.8: of fortinet.fortios
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | ||
---|---|---|---|---|
access_token string | Token-based authentication. Generated from GUI of Fortigate. | |||
firewall_sniffer dictionary | Configure sniffer. | |||
anomaly list / elements=string | Configuration method to edit Denial of Service (DoS) anomaly settings. | |||
action string |
| Action taken when the threshold is reached. | ||
log string |
| Enable/disable anomaly logging. | ||
name string / required | Anomaly name. | |||
quarantine string |
| Quarantine method. | ||
quarantine_expiry string | Duration of quarantine. (Format | |||
quarantine_log string |
| Enable/disable quarantine logging. | ||
status string |
| Enable/disable this anomaly. | ||
threshold integer | Anomaly threshold. Number of detected instances per minute that triggers the anomaly action. | |||
threshold(default) integer | Number of detected instances per minute which triggers action (1 - 2147483647). Note that each anomaly has a different threshold value assigned to it. | |||
application_list string | Name of an existing application list. Source application.list.name. | |||
application_list_status string |
| Enable/disable application control profile. | ||
av_profile string | Name of an existing antivirus profile. Source antivirus.profile.name. | |||
av_profile_status string |
| Enable/disable antivirus profile. | ||
dlp_sensor string | Name of an existing DLP sensor. Source dlp.sensor.name. | |||
dlp_sensor_status string |
| Enable/disable DLP sensor. | ||
dsri string |
| Enable/disable DSRI. | ||
host string | Hosts to filter for in sniffer traffic (Format examples: 1.1.1.1, 2.2.2.0/24, 3.3.3.3/255.255.255.0, 4.4.4.0-4.4.4.240). | |||
id integer / required | Sniffer ID. | |||
interface string | Interface name that traffic sniffing will take place on. Source system.interface.name. | |||
ips_dos_status string |
| Enable/disable IPS DoS anomaly detection. | ||
ips_sensor string | Name of an existing IPS sensor. Source ips.sensor.name. | |||
ips_sensor_status string |
| Enable/disable IPS sensor. | ||
ipv6 string |
| Enable/disable sniffing IPv6 packets. | ||
logtraffic string |
| Either log all sessions, only sessions that have a security profile applied, or disable all logging for this policy. | ||
max_packet_count integer | Maximum packet count (1 - 1000000). | |||
non_ip string |
| Enable/disable sniffing non-IP packets. | ||
port string | Ports to sniff (Format examples: 10, :20, 30:40, 50-, 100-200). | |||
protocol string | Integer value for the protocol type as defined by IANA (0 - 255). | |||
scan_botnet_connections string |
| Enable/disable scanning of connections to Botnet servers. | ||
spamfilter_profile string | Name of an existing spam filter profile. Source spamfilter.profile.name. | |||
spamfilter_profile_status string |
| Enable/disable spam filter. | ||
state string |
| Deprecated Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. | ||
status string |
| Enable/disable the active status of the sniffer. | ||
vlan string | List of VLANs to sniff. | |||
webfilter_profile string | Name of an existing web filter profile. Source webfilter.profile.name. | |||
webfilter_profile_status string |
| Enable/disable web filter profile. | ||
state string added in 2.9 of fortinet.fortios |
| Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. | ||
vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
Note
- hosts: fortigates collections: - fortinet.fortios connection: httpapi vars: vdom: "root" ansible_httpapi_use_ssl: yes ansible_httpapi_validate_certs: no ansible_httpapi_port: 443 tasks: - name: Configure sniffer. fortios_firewall_sniffer: vdom: "{{ vdom }}" state: "present" access_token: "<your_own_value>" firewall_sniffer: anomaly: - action: "pass" log: "enable" name: "default_name_6" quarantine: "none" quarantine_expiry: "<your_own_value>" quarantine_log: "disable" status: "disable" threshold: "11" threshold(default): "12" application_list: "<your_own_value> (source application.list.name)" application_list_status: "enable" av_profile: "<your_own_value> (source antivirus.profile.name)" av_profile_status: "enable" dlp_sensor: "<your_own_value> (source dlp.sensor.name)" dlp_sensor_status: "enable" dsri: "enable" host: "myhostname" id: "21" interface: "<your_own_value> (source system.interface.name)" ips_dos_status: "enable" ips_sensor: "<your_own_value> (source ips.sensor.name)" ips_sensor_status: "enable" ipv6: "enable" logtraffic: "all" max_packet_count: "28" non_ip: "enable" port: "<your_own_value>" protocol: "<your_own_value>" scan_botnet_connections: "disable" spamfilter_profile: "<your_own_value> (source spamfilter.profile.name)" spamfilter_profile_status: "enable" status: "enable" vlan: "<your_own_value>" webfilter_profile: "<your_own_value> (source webfilter.profile.name)" webfilter_profile_status: "enable"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build string | always | Build number of the fortigate image Sample: 1547 |
http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
name string | always | Name of the table used to fulfill the request Sample: urlfilter |
path string | always | Path of the table used to fulfill the request Sample: webfilter |
revision string | always | Internal revision number Sample: 17.0.2.10658 |
serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
status string | always | Indication of the operation's result Sample: success |
vdom string | always | Virtual domain used Sample: root |
version string | always | Version of the FortiGate Sample: v5.6.3 |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortios/fortios_firewall_sniffer_module.html