:source: fmgd_firewall_policy.py :orphan: .. _fmgd_firewall_policy: fmgd_firewall_policy -- Configure IPv4 policies. ++++++++++++++++++++++++++++++++++++++++++++++++ .. versionadded:: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module is able to configure a FortiManager device. - Examples include all parameters and values need to be adjusted to data sources before usage. - Tested with FortiManager v7.x. Requirements ------------ The below requirements are needed on the host that executes this module. - ansible-core>=2.16.0 FortiManager Version Compatibility ---------------------------------- .. raw:: html

Supported Version Ranges: v6.0.0 -> latest

Parameters ---------- .. raw:: html Notes ----- .. note:: - Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work. - To create or update an object, use state: present directive. - To delete an object, use state: absent directive - Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded Examples -------- .. code-block:: yaml+jinja - name: Example playbook (generated based on argument schema) hosts: fortimanagers connection: httpapi gather_facts: false vars: ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_httpapi_port: 443 tasks: - name: Configure IPv4 policies. fortinet.fmgdevice.fmgd_firewall_policy: # bypass_validation: false # workspace_locking_adom: # workspace_locking_timeout: 300 # rc_succeeded: [0, -2, -3, ...] # rc_failed: [-2, -3, ...] device: vdom: state: present # firewall_policy: policyid: 0 # Required variable, integer # action: # app_category: # application: # application_list: # auth_cert: # auth_path: # auth_redirect_addr: # auto_asic_offload: # av_profile: # block_notification: # captive_portal_exempt: # capture_packet: # comments: # custom_log_fields: # delay_tcp_npu_session: # devices: # diffserv_forward: # diffserv_reverse: # diffservcode_forward: # diffservcode_rev: # disclaimer: # dlp_sensor: # dnsfilter_profile: # dscp_match: # dscp_negate: # dscp_value: # dsri: # dstaddr: # dstaddr_negate: # dstintf: # firewall_session_dirty: # fixedport: # fsso: # fsso_agent_for_ntlm: # global_label: # groups: # gtp_profile: # icap_profile: # identity_based_route: # inbound: # internet_service: # internet_service_custom: # internet_service_id: # internet_service_negate: # ippool: # ips_sensor: # label: # learning_mode: # logtraffic: # logtraffic_start: # match_vip: # mms_profile: # name: # nat: # natinbound: # natip: # natoutbound: # ntlm: # ntlm_enabled_browsers: # ntlm_guest: # outbound: # per_ip_shaper: # permit_any_host: # permit_stun_host: # poolname: # profile_group: # profile_protocol_options: # profile_type: # radius_mac_auth_bypass: # redirect_url: # replacemsg_override_group: # rsso: # rtp_addr: # rtp_nat: # scan_botnet_connections: # schedule: # schedule_timeout: # send_deny_packet: # service: # service_negate: # session_ttl: # spamfilter_profile: # srcaddr: # srcaddr_negate: # srcintf: # ssl_mirror: # ssl_mirror_intf: # ssl_ssh_profile: # status: # tags: # tcp_mss_receiver: # tcp_mss_sender: # tcp_session_without_syn: # timeout_send_rst: # traffic_shaper: # traffic_shaper_reverse: # url_category: # users: # utm_status: # uuid: # vlan_cos_fwd: # vlan_cos_rev: # voip_profile: # vpn_dst_node: # - host: # seq: # subnet: # vpn_src_node: # - host: # seq: # subnet: # vpntunnel: # waf_profile: # wanopt: # wanopt_detection: # wanopt_passive_opt: # wanopt_peer: # wanopt_profile: # wccp: # webcache: # webcache_https: # webfilter_profile: # wsso: # anti_replay: # app_group: # cifs_profile: # email_collect: # emailfilter_profile: # fsso_groups: # geoip_anycast: # http_policy_redirect: # inspection_mode: # internet_service_custom_group: # internet_service_group: # internet_service_src: # internet_service_src_custom: # internet_service_src_custom_group: # internet_service_src_group: # internet_service_src_id: # internet_service_src_negate: # match_vip_only: # np_acceleration: # reputation_direction: # reputation_minimum: # ssh_filter_profile: # ssh_policy_redirect: # tos: # tos_mask: # tos_negate: # vlan_filter: # webproxy_forward_server: # webproxy_profile: # np_accelation: # delay_tcp_npu_sessoin: # casi_profile: # best_route: # decrypted_traffic_mirror: # dstaddr6: # geoip_match: # internet_service_name: # internet_service_src_name: # poolname6: # src_vendor_mac: # srcaddr6: # file_filter_profile: # policy_offload: # cgn_session_quota: # cgn_eif: # cgn_log_server_grp: # cgn_eim: # cgn_resource_quota: # dynamic_shaping: # passive_wan_health_measurement: # videofilter_profile: # ztna_ems_tag: # ztna_geo_tag: # ztna_status: # _policy_block: # dlp_profile: # fec: # nat46: # nat64: # pfcp_profile: # policy_expiry: # policy_expiry_date: # sctp_filter_profile: # sgt: # sgt_check: # tcp_timeout_pid: # udp_timeout_pid: # diffserv_copy: # dstaddr6_negate: # internet_service6: # internet_service6_custom: # internet_service6_custom_group: # internet_service6_group: # internet_service6_name: # internet_service6_negate: # internet_service6_src: # internet_service6_src_custom: # internet_service6_src_custom_group: # internet_service6_src_group: # internet_service6_src_name: # internet_service6_src_negate: # network_service_dynamic: # network_service_src_dynamic: # reputation_direction6: # reputation_minimum6: # srcaddr6_negate: # ip_version_type: # ips_voip_filter: # pcp_inbound: # pcp_outbound: # pcp_poolname: # policy_behaviour_type: # policy_expiry_date_utc: # ztna_device_ownership: # ztna_ems_tag_secondary: # ztna_policy_redirect: # ztna_tags_match_logic: # casb_profile: # virtual_patch_profile: # diameter_filter_profile: # port_preserve: # cgn_sw_eif_ctrl: # eif_check: # eif_learn: # log_http_transaction: # radius_ip_auth_bypass: # app_monitor: # port_random: # ztna_ems_tag_negate: # telemetry_profile: # access_proxy: # detect_https_in_http_request: # device_ownership: # dynamic_bypass: # explicit_web_proxy: # extended_log: # force_proxy: # http_tunnel_auth: # https_sub_category: # ia_profile: # implicit_proxy_detection: # isolator_profile: # isolator_server: # max_session_per_user: # pass_through: # redirect_profile: # reverse_cache: # ssh_policy_check: # transparent: # type: # url_risk: # service_connector: # ztna_proxy: # internet_service6_fortiguard: # scim_groups: # internet_service_fortiguard: # internet_service_src_fortiguard: # scim_users: # scim: # internet_service6_src_fortiguard: # saml_server: # llm_profile: Return Values ------------- Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: .. raw:: html
  • meta - The result of the request.returned: always type: dict
    • request_url - The full url requested. returned: always type: str sample: /sys/login/user
    • response_code - The status of api request. returned: always type: int sample: 0
    • response_data - The data body of the api response. returned: optional type: list or dict
    • response_message - The descriptive message of the api response. returned: always type: str sample: OK
    • system_information - The information of the target system. returned: always type: dict
  • rc - The status the request. returned: always type: int sample: 0
  • version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list
Status ------ - This module is not guaranteed to have a backwards compatible interface. Authors ------- - Xinwei Du (@dux-fortinet) - Xing Li (@lix-fortinet) - Jie Xue (@JieX19) - Link Zheng (@chillancezen) - Frank Shen (@fshen01) - Hongbin Lu (@fgtdev-hblu)