New in version 2.8.
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments | |||
|---|---|---|---|---|---|
| application_list dictionary | Default: null | Configure application control lists. | |||
| app_replacemsg string |
| Enable/disable replacement messages for blocked applications. | |||
| comment string | comments | ||||
| deep_app_inspection string |
| Enable/disable deep application inspection. | |||
| entries list | Application list entries. | ||||
| action string |
| Pass or block traffic, or reset connection for traffic from this application. | |||
| application list | ID of allowed applications. | ||||
| id integer / required | Application IDs. | ||||
| behavior string | Application behavior filter. | ||||
| category list | Category ID list. | ||||
| id integer / required | Application category ID. | ||||
| id integer / required | Entry ID. | ||||
| log string |
| Enable/disable logging for this application list. | |||
| log_packet string |
| Enable/disable packet logging. | |||
| parameters list | Application parameters. | ||||
| id integer / required | Parameter ID. | ||||
| value string | Parameter value. | ||||
| per_ip_shaper string | Per-IP traffic shaper. Source firewall.shaper.per-ip-shaper.name. | ||||
| popularity string |
| Application popularity filter (1 - 5, from least to most popular). | |||
| protocols string | Application protocol filter. | ||||
| quarantine string |
| Quarantine method. | |||
| quarantine_expiry string | Duration of quarantine. (Format | ||||
| quarantine_log string |
| Enable/disable quarantine logging. | |||
| rate_count integer | Count of the rate. | ||||
| rate_duration integer | Duration (sec) of the rate. | ||||
| rate_mode string |
| Rate limit mode. | |||
| rate_track string |
| Track the packet protocol field. | |||
| risk list | Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). | ||||
| level integer / required | Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). | ||||
| session_ttl integer | Session TTL (0 = default). | ||||
| shaper string | Traffic shaper. Source firewall.shaper.traffic-shaper.name. | ||||
| shaper_reverse string | Reverse traffic shaper. Source firewall.shaper.traffic-shaper.name. | ||||
| sub_category list | Application Sub-category ID list. | ||||
| id integer / required | Application sub-category ID. | ||||
| technology string | Application technology filter. | ||||
| vendor string | Application vendor filter. | ||||
| extended_log string |
| Enable/disable extended logging. | |||
| name string / required | List name. | ||||
| options string |
| Basic application protocol signatures allowed by default. | |||
| other_application_action string |
| Action for other applications. | |||
| other_application_log string |
| Enable/disable logging for other applications. | |||
| p2p_black_list string |
| P2P applications to be black listed. | |||
| replacemsg_group string | Replacement message group. Source system.replacemsg-group.name. | ||||
| state string |
| Deprecated Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. | |||
| unknown_application_action string |
| Pass or block traffic from unknown applications. | |||
| unknown_application_log string |
| Enable/disable logging for unknown applications. | |||
| host string | FortiOS or FortiGate IP address. | ||||
| https boolean |
| Indicates if the requests towards FortiGate must use HTTPS protocol. | |||
| password string | Default: "" | FortiOS or FortiGate password. | |||
| ssl_verify boolean added in 2.9 |
| Ensures FortiGate certificate must be verified by a proper CA. | |||
| state string added in 2.9 |
| Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. | |||
| username string | FortiOS or FortiGate username. | ||||
| vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | |||
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure application control lists.
fortios_application_list:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
state: "present"
application_list:
app_replacemsg: "disable"
comment: "comments"
deep_app_inspection: "disable"
entries:
-
action: "pass"
application:
-
id: "9"
behavior: "<your_own_value>"
category:
-
id: "12"
id: "13"
log: "disable"
log_packet: "disable"
parameters:
-
id: "17"
value: "<your_own_value>"
per_ip_shaper: "<your_own_value> (source firewall.shaper.per-ip-shaper.name)"
popularity: "1"
protocols: "<your_own_value>"
quarantine: "none"
quarantine_expiry: "<your_own_value>"
quarantine_log: "disable"
rate_count: "25"
rate_duration: "26"
rate_mode: "periodical"
rate_track: "none"
risk:
-
level: "30"
session_ttl: "31"
shaper: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
shaper_reverse: "<your_own_value> (source firewall.shaper.traffic-shaper.name)"
sub_category:
-
id: "35"
technology: "<your_own_value>"
vendor: "<your_own_value>"
extended_log: "enable"
name: "default_name_39"
options: "allow-dns"
other_application_action: "pass"
other_application_log: "disable"
p2p_black_list: "skype"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
unknown_application_action: "pass"
unknown_application_log: "disable"
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build string | always | Build number of the fortigate image Sample: 1547 |
| http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
| http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
| mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
| name string | always | Name of the table used to fulfill the request Sample: urlfilter |
| path string | always | Path of the table used to fulfill the request Sample: webfilter |
| revision string | always | Internal revision number Sample: 17.0.2.10658 |
| serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
| status string | always | Indication of the operation's result Sample: success |
| vdom string | always | Virtual domain used Sample: root |
| version string | always | Version of the FortiGate Sample: v5.6.3 |
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/fortios_application_list_module.html