| source: | fortios_firewall_profile_protocol_options.py |
|---|---|
| orphan: |
fortios_firewall_profile_protocol_options -- Configure protocol options in Fortinet's FortiOS and FortiGate.
.. versionadded:: 2.0.0
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify firewall feature and profile_protocol_options category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
The below requirements are needed on the host that executes this module.
- ansible>=2.14
Using member operation to add an element to an existing object.
| Supported Version Ranges | |
| fortios_firewall_profile_protocol_options | v6.0.0 -> latest |
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- firewall_profile_protocol_options - Configure protocol options. type: dict
more...
Supported Version Ranges firewall_profile_protocol_options v6.0.0 -> latest - cifs - Configure CIFS protocol options. type: dict
more...
Supported Version Ranges cifs v6.2.0 -> latest - domain_controller - Domain for which to decrypt CIFS traffic. Source user.domain-controller.name credential-store.domain-controller.server-name. type: str
more...
Supported Version Ranges domain_controller v6.4.0 -> v6.4.0v6.4.4 -> latest - options - One or more options that can be applied to the session. type: list choices: oversize
more...
Supported Version Ranges options v6.4.0 -> latest[oversize] v6.0.0 -> latest - oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int
more...
Supported Version Ranges oversize_limit v6.4.0 -> latest - ports - Ports to scan for content (1 - 65535). type: list
- scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable
more...
Supported Version Ranges scan_bzip2 v6.4.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - server_credential_type - CIFS server credential type. type: str choices: none, credential-replication, credential-keytab
more...
Supported Version Ranges server_credential_type v6.2.7 -> v6.4.0v6.4.4 -> latest[none] v6.0.0 -> latest[credential-replication] v6.0.0 -> latest[credential-keytab] v6.0.0 -> latest - server_keytab - Server keytab. type: list member_path: cifs/server_keytab:principal
more...
Supported Version Ranges server_keytab v6.2.7 -> v6.4.0v6.4.4 -> latest - keytab - Base64 encoded keytab file containing credential of the server. type: str
more...
Supported Version Ranges keytab v6.2.7 -> v6.4.0v6.4.4 -> latest - principal - Service principal. For example, host/cifsserver.example.com@example.com. type: str required: true
more...
Supported Version Ranges principal v6.2.7 -> v6.4.0v6.4.4 -> latest - status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
more...
Supported Version Ranges status v6.2.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - tcp_window_maximum - Maximum dynamic TCP window size. type: int
more...
Supported Version Ranges tcp_window_maximum v6.4.0 -> latest - tcp_window_minimum - Minimum dynamic TCP window size. type: int
more...
Supported Version Ranges tcp_window_minimum v6.4.0 -> latest - tcp_window_size - Set TCP static window size. type: int
more...
Supported Version Ranges tcp_window_size v6.4.0 -> latest - tcp_window_type - TCP window type to use for this protocol. type: str choices: auto-tuning, system, static, dynamic
more...
Supported Version Ranges tcp_window_type v6.4.0 -> latest[auto-tuning] v7.0.4 -> latest[system] v6.0.0 -> latest[static] v6.0.0 -> latest[dynamic] v6.0.0 -> latest - uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int
more...
Supported Version Ranges uncompressed_nest_limit v6.4.0 -> latest - uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned. type: int
more...
Supported Version Ranges uncompressed_oversize_limit v6.4.0 -> latest - comment - Optional comments. type: str
more...
Supported Version Ranges comment v6.0.0 -> latest - dns - Configure DNS protocol options. type: dict
more...
Supported Version Ranges dns v6.0.0 -> latest - ports - Ports to scan for content (1 - 65535). type: list
- status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
more...
Supported Version Ranges status v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - ftp - Configure FTP protocol options. type: dict
more...
Supported Version Ranges ftp v6.0.0 -> latest - comfort_amount - Number of bytes to send in each transmission for client comforting (bytes). type: int
more...
Supported Version Ranges comfort_amount v6.0.0 -> latest - comfort_interval - Interval between successive transmissions of data for client comforting (seconds). type: int
more...
Supported Version Ranges comfort_interval v6.0.0 -> latest - explicit_ftp_tls - Enable/disable FTP redirection for explicit FTPS. type: str choices: enable, disable
more...
Supported Version Ranges explicit_ftp_tls v7.0.8 -> v7.0.12v7.2.1 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable
more...
Supported Version Ranges inspect_all v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - options - One or more options that can be applied to the session. type: list choices: clientcomfort, oversize, splice, bypass-rest-command, bypass-mode-command
more...
Supported Version Ranges options v6.0.0 -> latest[clientcomfort] v6.0.0 -> latest[oversize] v6.0.0 -> latest[splice] v6.0.0 -> latest[bypass-rest-command] v6.0.0 -> latest[bypass-mode-command] v6.0.0 -> latest - oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int
more...
Supported Version Ranges oversize_limit v6.0.0 -> latest - ports - Ports to scan for content (1 - 65535). type: list
- scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable
more...
Supported Version Ranges scan_bzip2 v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: no, yes
more...
Supported Version Ranges ssl_offloaded v6.2.0 -> latest[no] v6.0.0 -> latest[yes] v6.0.0 -> latest - status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
more...
Supported Version Ranges status v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - stream_based_uncompressed_limit - Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions (unlimited = 0). type: int
more...
Supported Version Ranges stream_based_uncompressed_limit v7.0.0 -> latest - tcp_window_maximum - Maximum dynamic TCP window size. type: int
more...
Supported Version Ranges tcp_window_maximum v7.0.0 -> latest - tcp_window_minimum - Minimum dynamic TCP window size. type: int
more...
Supported Version Ranges tcp_window_minimum v7.0.0 -> latest - tcp_window_size - Set TCP static window size. type: int
more...
Supported Version Ranges tcp_window_size v7.0.0 -> latest - tcp_window_type - TCP window type to use for this protocol. type: str choices: auto-tuning, system, static, dynamic
more...
Supported Version Ranges tcp_window_type v7.0.0 -> latest[auto-tuning] v7.0.4 -> latest[system] v6.0.0 -> latest[static] v6.0.0 -> latest[dynamic] v6.0.0 -> latest - uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int
more...
Supported Version Ranges uncompressed_nest_limit v6.0.0 -> latest - uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned. type: int
more...
Supported Version Ranges uncompressed_oversize_limit v6.0.0 -> latest - http - Configure HTTP protocol options. type: dict
more...
Supported Version Ranges http v6.0.0 -> latest - address_ip_rating - Enable/disable IP based URL rating. type: str choices: enable, disable
more...
Supported Version Ranges address_ip_rating v7.0.6 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - block_page_status_code - Code number returned for blocked HTTP pages (non-FortiGuard only) (100 - 599). type: int
more...
Supported Version Ranges block_page_status_code v6.0.0 -> latest - comfort_amount - Number of bytes to send in each transmission for client comforting (bytes). type: int
more...
Supported Version Ranges comfort_amount v6.0.0 -> latest - comfort_interval - Interval between successive transmissions of data for client comforting (seconds). type: int
more...
Supported Version Ranges comfort_interval v6.0.0 -> latest - fortinet_bar - Enable/disable Fortinet bar on HTML content. type: str choices: enable, disable
more...
Supported Version Ranges fortinet_bar v6.0.0 -> v6.2.7v6.4.1 -> v6.4.1[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - fortinet_bar_port - Port for use by Fortinet Bar (1 - 65535). type: int
more...
Supported Version Ranges fortinet_bar_port v6.0.0 -> v6.2.7v6.4.1 -> v6.4.1 - h2c - Enable/disable h2c HTTP connection upgrade. type: str choices: enable, disable
more...
Supported Version Ranges h2c v7.2.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - http_policy - Enable/disable HTTP policy check. type: str choices: disable, enable
more...
Supported Version Ranges http_policy v6.0.0 -> v6.0.11[disable] v6.0.0 -> latest[enable] v6.0.0 -> latest - inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable
more...
Supported Version Ranges inspect_all v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - options - One or more options that can be applied to the session. type: list choices: clientcomfort, servercomfort, oversize, chunkedbypass
more...
Supported Version Ranges options v6.0.0 -> latest[clientcomfort] v6.0.0 -> latest[servercomfort] v6.0.0 -> latest[oversize] v6.0.0 -> latest[chunkedbypass] v6.0.0 -> latest - oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int
more...
Supported Version Ranges oversize_limit v6.0.0 -> latest - ports - Ports to scan for content (1 - 65535). type: list
- post_lang - ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets). type: list choices: jisx0201, jisx0208, jisx0212, gb2312, ksc5601-ex, euc-jp, sjis, iso2022-jp, iso2022-jp-1, iso2022-jp-2, euc-cn, ces-gbk, hz, ces-big5, euc-kr, iso2022-jp-3, iso8859-1, tis620, cp874, cp1252, cp1251
more...
Supported Version Ranges post_lang v6.0.0 -> latest[jisx0201] v6.0.0 -> latest[jisx0208] v6.0.0 -> latest[jisx0212] v6.0.0 -> latest[gb2312] v6.0.0 -> latest[ksc5601-ex] v6.0.0 -> latest[euc-jp] v6.0.0 -> latest[sjis] v6.0.0 -> latest[iso2022-jp] v6.0.0 -> latest[iso2022-jp-1] v6.0.0 -> latest[iso2022-jp-2] v6.0.0 -> latest[euc-cn] v6.0.0 -> latest[ces-gbk] v6.0.0 -> latest[hz] v6.0.0 -> latest[ces-big5] v6.0.0 -> latest[euc-kr] v6.0.0 -> latest[iso2022-jp-3] v6.0.0 -> latest[iso8859-1] v6.0.0 -> latest[tis620] v6.0.0 -> latest[cp874] v6.0.0 -> latest[cp1252] v6.0.0 -> latest[cp1251] v6.0.0 -> latest - proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable
more...
Supported Version Ranges proxy_after_tcp_handshake v6.4.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - range_block - Enable/disable blocking of partial downloads. type: str choices: disable, enable
more...
Supported Version Ranges range_block v6.0.0 -> latest[disable] v6.0.0 -> latest[enable] v6.0.0 -> latest - retry_count - Number of attempts to retry HTTP connection (0 - 100). type: int
more...
Supported Version Ranges retry_count v6.0.0 -> latest - scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable
more...
Supported Version Ranges scan_bzip2 v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: no, yes
more...
Supported Version Ranges ssl_offloaded v6.2.0 -> latest[no] v6.0.0 -> latest[yes] v6.0.0 -> latest - status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
more...
Supported Version Ranges status v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - stream_based_uncompressed_limit - Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions (unlimited = 0). type: int
more...
Supported Version Ranges stream_based_uncompressed_limit v6.2.0 -> latest - streaming_content_bypass - Enable/disable bypassing of streaming content from buffering. type: str choices: enable, disable
more...
Supported Version Ranges streaming_content_bypass v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - strip_x_forwarded_for - Enable/disable stripping of HTTP X-Forwarded-For header. type: str choices: disable, enable
more...
Supported Version Ranges strip_x_forwarded_for v6.0.0 -> latest[disable] v6.0.0 -> latest[enable] v6.0.0 -> latest - switching_protocols - Bypass from scanning, or block a connection that attempts to switch protocol. type: str choices: bypass, block
more...
Supported Version Ranges switching_protocols v6.0.0 -> latest[bypass] v6.0.0 -> latest[block] v6.0.0 -> latest - tcp_window_maximum - Maximum dynamic TCP window size. type: int
more...
Supported Version Ranges tcp_window_maximum v6.2.0 -> latest - tcp_window_minimum - Minimum dynamic TCP window size. type: int
more...
Supported Version Ranges tcp_window_minimum v6.2.0 -> latest - tcp_window_size - Set TCP static window size. type: int
more...
Supported Version Ranges tcp_window_size v6.2.0 -> latest - tcp_window_type - TCP window type to use for this protocol. type: str choices: auto-tuning, system, static, dynamic
more...
Supported Version Ranges tcp_window_type v6.2.0 -> latest[auto-tuning] v7.0.4 -> latest[system] v6.0.0 -> latest[static] v6.0.0 -> latest[dynamic] v6.0.0 -> latest - tunnel_non_http - Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port. type: str choices: enable, disable
more...
Supported Version Ranges tunnel_non_http v6.4.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int
more...
Supported Version Ranges uncompressed_nest_limit v6.0.0 -> latest - uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned. type: int
more...
Supported Version Ranges uncompressed_oversize_limit v6.0.0 -> latest - unknown_content_encoding - Configure the action the FortiGate unit will take on unknown content-encoding. type: str choices: block, inspect, bypass
more...
Supported Version Ranges unknown_content_encoding v7.2.4 -> latest[block] v6.0.0 -> latest[inspect] v6.0.0 -> latest[bypass] v6.0.0 -> latest - unknown_http_version - How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1. type: str choices: reject, tunnel, best-effort
more...
Supported Version Ranges unknown_http_version v6.4.0 -> latest[reject] v6.0.0 -> latest[tunnel] v6.0.0 -> latest[best-effort] v6.0.0 -> latest - verify_dns_for_policy_matching - Enable/disable verification of DNS for policy matching. type: str choices: enable, disable
more...
Supported Version Ranges verify_dns_for_policy_matching v7.2.1 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - imap - Configure IMAP protocol options. type: dict
more...
Supported Version Ranges imap v6.0.0 -> latest - inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable
more...
Supported Version Ranges inspect_all v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - options - One or more options that can be applied to the session. type: list choices: fragmail, oversize
more...
Supported Version Ranges options v6.0.0 -> latest[fragmail] v6.0.0 -> latest[oversize] v6.0.0 -> latest - oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int
more...
Supported Version Ranges oversize_limit v6.0.0 -> latest - ports - Ports to scan for content (1 - 65535). type: list
- proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable
more...
Supported Version Ranges proxy_after_tcp_handshake v6.4.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable
more...
Supported Version Ranges scan_bzip2 v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: no, yes
more...
Supported Version Ranges ssl_offloaded v6.2.0 -> latest[no] v6.0.0 -> latest[yes] v6.0.0 -> latest - status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
more...
Supported Version Ranges status v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int
more...
Supported Version Ranges uncompressed_nest_limit v6.0.0 -> latest - uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned. type: int
more...
Supported Version Ranges uncompressed_oversize_limit v6.0.0 -> latest - mail_signature - Configure Mail signature. type: dict
more...
Supported Version Ranges mail_signature v6.0.0 -> latest - signature - Email signature to be added to outgoing email (if the signature contains spaces, enclose with quotation marks). type: str
more...
Supported Version Ranges signature v6.0.0 -> latest - status - Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate. type: str choices: disable, enable
more...
Supported Version Ranges status v6.0.0 -> latest[disable] v6.0.0 -> latest[enable] v6.0.0 -> latest - mapi - Configure MAPI protocol options. type: dict
more...
Supported Version Ranges mapi v6.0.0 -> latest - options - One or more options that can be applied to the session. type: list choices: fragmail, oversize
more...
Supported Version Ranges options v6.0.0 -> latest[fragmail] v6.0.0 -> latest[oversize] v6.0.0 -> latest - oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int
more...
Supported Version Ranges oversize_limit v6.0.0 -> latest - ports - Ports to scan for content (1 - 65535). type: list
- scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable
more...
Supported Version Ranges scan_bzip2 v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
more...
Supported Version Ranges status v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int
more...
Supported Version Ranges uncompressed_nest_limit v6.0.0 -> latest - uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned. type: int
more...
Supported Version Ranges uncompressed_oversize_limit v6.0.0 -> latest - name - Name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> latest - nntp - Configure NNTP protocol options. type: dict
more...
Supported Version Ranges nntp v6.0.0 -> latest - inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable
more...
Supported Version Ranges inspect_all v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - options - One or more options that can be applied to the session. type: list choices: oversize, splice
more...
Supported Version Ranges options v6.0.0 -> latest[oversize] v6.0.0 -> latest[splice] v6.0.0 -> latest - oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int
more...
Supported Version Ranges oversize_limit v6.0.0 -> latest - ports - Ports to scan for content (1 - 65535). type: list
- proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable
more...
Supported Version Ranges proxy_after_tcp_handshake v6.4.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable
more...
Supported Version Ranges scan_bzip2 v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
more...
Supported Version Ranges status v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int
more...
Supported Version Ranges uncompressed_nest_limit v6.0.0 -> latest - uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned. type: int
more...
Supported Version Ranges uncompressed_oversize_limit v6.0.0 -> latest - oversize_log - Enable/disable logging for antivirus oversize file blocking. type: str choices: disable, enable
more...
Supported Version Ranges oversize_log v6.0.0 -> latest[disable] v6.0.0 -> latest[enable] v6.0.0 -> latest - pop3 - Configure POP3 protocol options. type: dict
more...
Supported Version Ranges pop3 v6.0.0 -> latest - inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable
more...
Supported Version Ranges inspect_all v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - options - One or more options that can be applied to the session. type: list choices: fragmail, oversize
more...
Supported Version Ranges options v6.0.0 -> latest[fragmail] v6.0.0 -> latest[oversize] v6.0.0 -> latest - oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int
more...
Supported Version Ranges oversize_limit v6.0.0 -> latest - ports - Ports to scan for content (1 - 65535). type: list
- proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable
more...
Supported Version Ranges proxy_after_tcp_handshake v6.4.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable
more...
Supported Version Ranges scan_bzip2 v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: no, yes
more...
Supported Version Ranges ssl_offloaded v6.2.0 -> latest[no] v6.0.0 -> latest[yes] v6.0.0 -> latest - status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
more...
Supported Version Ranges status v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int
more...
Supported Version Ranges uncompressed_nest_limit v6.0.0 -> latest - uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned. type: int
more...
Supported Version Ranges uncompressed_oversize_limit v6.0.0 -> latest - replacemsg_group - Name of the replacement message group to be used. Source system.replacemsg-group.name. type: str
more...
Supported Version Ranges replacemsg_group v6.0.0 -> latest - rpc_over_http - Enable/disable inspection of RPC over HTTP. type: str choices: enable, disable
more...
Supported Version Ranges rpc_over_http v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - smtp - Configure SMTP protocol options. type: dict
more...
Supported Version Ranges smtp v6.0.0 -> latest - inspect_all - Enable/disable the inspection of all ports for the protocol. type: str choices: enable, disable
more...
Supported Version Ranges inspect_all v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - options - One or more options that can be applied to the session. type: list choices: fragmail, oversize, splice
more...
Supported Version Ranges options v6.0.0 -> latest[fragmail] v6.0.0 -> latest[oversize] v6.0.0 -> latest[splice] v6.0.0 -> latest - oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int
more...
Supported Version Ranges oversize_limit v6.0.0 -> latest - ports - Ports to scan for content (1 - 65535). type: list
- proxy_after_tcp_handshake - Proxy traffic after the TCP 3-way handshake has been established (not before). type: str choices: enable, disable
more...
Supported Version Ranges proxy_after_tcp_handshake v6.4.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable
more...
Supported Version Ranges scan_bzip2 v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - server_busy - Enable/disable SMTP server busy when server not available. type: str choices: enable, disable
more...
Supported Version Ranges server_busy v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: no, yes
more...
Supported Version Ranges ssl_offloaded v6.2.0 -> latest[no] v6.0.0 -> latest[yes] v6.0.0 -> latest - status - Enable/disable the active status of scanning for this protocol. type: str choices: enable, disable
more...
Supported Version Ranges status v6.0.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int
more...
Supported Version Ranges uncompressed_nest_limit v6.0.0 -> latest - uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned. type: int
more...
Supported Version Ranges uncompressed_oversize_limit v6.0.0 -> latest - ssh - Configure SFTP and SCP protocol options. type: dict
more...
Supported Version Ranges ssh v6.2.0 -> latest - comfort_amount - Number of bytes to send in each transmission for client comforting (bytes). type: int
more...
Supported Version Ranges comfort_amount v6.2.0 -> latest - comfort_interval - Interval between successive transmissions of data for client comforting (seconds). type: int
more...
Supported Version Ranges comfort_interval v6.2.0 -> latest - options - One or more options that can be applied to the session. type: list choices: oversize, clientcomfort, servercomfort
more...
Supported Version Ranges options v6.2.0 -> latest[oversize] v6.0.0 -> latest[clientcomfort] v6.0.0 -> latest[servercomfort] v6.0.0 -> latest - oversize_limit - Maximum in-memory file size that can be scanned (MB). type: int
more...
Supported Version Ranges oversize_limit v6.2.0 -> latest - scan_bzip2 - Enable/disable scanning of BZip2 compressed files. type: str choices: enable, disable
more...
Supported Version Ranges scan_bzip2 v6.2.0 -> latest[enable] v6.0.0 -> latest[disable] v6.0.0 -> latest - ssl_offloaded - SSL decryption and encryption performed by an external device. type: str choices: no, yes
more...
Supported Version Ranges ssl_offloaded v7.0.0 -> latest[no] v6.0.0 -> latest[yes] v6.0.0 -> latest - stream_based_uncompressed_limit - Maximum stream-based uncompressed data size that will be scanned in megabytes. Stream-based uncompression used only under certain conditions (unlimited = 0). type: int
more...
Supported Version Ranges stream_based_uncompressed_limit v7.0.0 -> latest - tcp_window_maximum - Maximum dynamic TCP window size. type: int
more...
Supported Version Ranges tcp_window_maximum v7.0.0 -> latest - tcp_window_minimum - Minimum dynamic TCP window size. type: int
more...
Supported Version Ranges tcp_window_minimum v7.0.0 -> latest - tcp_window_size - Set TCP static window size. type: int
more...
Supported Version Ranges tcp_window_size v7.0.0 -> latest - tcp_window_type - TCP window type to use for this protocol. type: str choices: auto-tuning, system, static, dynamic
more...
Supported Version Ranges tcp_window_type v7.0.0 -> latest[auto-tuning] v7.0.4 -> latest[system] v6.0.0 -> latest[static] v6.0.0 -> latest[dynamic] v6.0.0 -> latest - uncompressed_nest_limit - Maximum nested levels of compression that can be uncompressed and scanned (2 - 100). type: int
more...
Supported Version Ranges uncompressed_nest_limit v6.2.0 -> latest - uncompressed_oversize_limit - Maximum in-memory uncompressed file size that can be scanned. type: int
more...
Supported Version Ranges uncompressed_oversize_limit v6.2.0 -> latest - switching_protocols_log - Enable/disable logging for HTTP/HTTPS switching protocols. type: str choices: disable, enable
more...
Supported Version Ranges switching_protocols_log v6.0.0 -> latest[disable] v6.0.0 -> latest[enable] v6.0.0 -> latest
Note
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
- name: Configure protocol options.
fortinet.fortios.fortios_firewall_profile_protocol_options:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
firewall_profile_protocol_options:
cifs:
domain_controller: "<your_own_value> (source user.domain-controller.name credential-store.domain-controller.server-name)"
options: "oversize"
oversize_limit: "10"
ports: "<your_own_value>"
scan_bzip2: "enable"
server_credential_type: "none"
server_keytab:
-
keytab: "<your_own_value>"
principal: "<your_own_value>"
status: "enable"
tcp_window_maximum: "8388608"
tcp_window_minimum: "131072"
tcp_window_size: "262144"
tcp_window_type: "auto-tuning"
uncompressed_nest_limit: "12"
uncompressed_oversize_limit: "10"
comment: "Optional comments."
dns:
ports: "<your_own_value>"
status: "enable"
ftp:
comfort_amount: "1"
comfort_interval: "10"
explicit_ftp_tls: "enable"
inspect_all: "enable"
options: "clientcomfort"
oversize_limit: "10"
ports: "<your_own_value>"
scan_bzip2: "enable"
ssl_offloaded: "no"
status: "enable"
stream_based_uncompressed_limit: "0"
tcp_window_maximum: "8388608"
tcp_window_minimum: "131072"
tcp_window_size: "262144"
tcp_window_type: "auto-tuning"
uncompressed_nest_limit: "12"
uncompressed_oversize_limit: "10"
http:
address_ip_rating: "enable"
block_page_status_code: "403"
comfort_amount: "1"
comfort_interval: "10"
fortinet_bar: "enable"
fortinet_bar_port: "32767"
h2c: "enable"
http_policy: "disable"
inspect_all: "enable"
options: "clientcomfort"
oversize_limit: "10"
ports: "<your_own_value>"
post_lang: "jisx0201"
proxy_after_tcp_handshake: "enable"
range_block: "disable"
retry_count: "0"
scan_bzip2: "enable"
ssl_offloaded: "no"
status: "enable"
stream_based_uncompressed_limit: "0"
streaming_content_bypass: "enable"
strip_x_forwarded_for: "disable"
switching_protocols: "bypass"
tcp_window_maximum: "8388608"
tcp_window_minimum: "131072"
tcp_window_size: "262144"
tcp_window_type: "auto-tuning"
tunnel_non_http: "enable"
uncompressed_nest_limit: "12"
uncompressed_oversize_limit: "10"
unknown_content_encoding: "block"
unknown_http_version: "reject"
verify_dns_for_policy_matching: "enable"
imap:
inspect_all: "enable"
options: "fragmail"
oversize_limit: "10"
ports: "<your_own_value>"
proxy_after_tcp_handshake: "enable"
scan_bzip2: "enable"
ssl_offloaded: "no"
status: "enable"
uncompressed_nest_limit: "12"
uncompressed_oversize_limit: "10"
mail_signature:
signature: "<your_own_value>"
status: "disable"
mapi:
options: "fragmail"
oversize_limit: "10"
ports: "<your_own_value>"
scan_bzip2: "enable"
status: "enable"
uncompressed_nest_limit: "12"
uncompressed_oversize_limit: "10"
name: "default_name_98"
nntp:
inspect_all: "enable"
options: "oversize"
oversize_limit: "10"
ports: "<your_own_value>"
proxy_after_tcp_handshake: "enable"
scan_bzip2: "enable"
status: "enable"
uncompressed_nest_limit: "12"
uncompressed_oversize_limit: "10"
oversize_log: "disable"
pop3:
inspect_all: "enable"
options: "fragmail"
oversize_limit: "10"
ports: "<your_own_value>"
proxy_after_tcp_handshake: "enable"
scan_bzip2: "enable"
ssl_offloaded: "no"
status: "enable"
uncompressed_nest_limit: "12"
uncompressed_oversize_limit: "10"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
rpc_over_http: "enable"
smtp:
inspect_all: "enable"
options: "fragmail"
oversize_limit: "10"
ports: "<your_own_value>"
proxy_after_tcp_handshake: "enable"
scan_bzip2: "enable"
server_busy: "enable"
ssl_offloaded: "no"
status: "enable"
uncompressed_nest_limit: "12"
uncompressed_oversize_limit: "10"
ssh:
comfort_amount: "1"
comfort_interval: "10"
options: "oversize"
oversize_limit: "10"
scan_bzip2: "enable"
ssl_offloaded: "no"
stream_based_uncompressed_limit: "0"
tcp_window_maximum: "8388608"
tcp_window_minimum: "131072"
tcp_window_size: "262144"
tcp_window_type: "auto-tuning"
uncompressed_nest_limit: "12"
uncompressed_oversize_limit: "10"
switching_protocols_log: "disable"
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
- This module is not guaranteed to have a backwards compatible interface.
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
Hint
If you notice any issues in this documentation, you can create a pull request to improve it.